Self-Hosted SSO: How to Set Up Authentik with Docker Compose for Unified Login

Video Statistics and Information

Captions
When it comes to self-hosting, we self-host so many individual services, right? And generally what happens then is that those services then have their own account logins as well; they will have an account associated with them. So in this video I'm going to show you how we can actually consolidate our accounts to one identity provider, and in this case we will be looking at Authentik, and I'm going to show you how you can self-host this using Docker Compose.

Welcome back to another video, everyone. Like I just said, we are going to be looking at Authentik in this video. It is an open-source identity provider. Now, if you're not sure what an identity provider is or how it works, I'm going to show you in this video, so don't worry. All of the documentation and all of the steps that I'm going to be covering in this video, uh, are covered in my documentation, which is docs.techdox.nz. A link to that will be in the description, so go check that out if you're keen to follow along as well. So if I'm going a bit too fast, it doesn't matter; all the steps are documented in my documentation, again, which is linked in the description. Thank you so much, everyone, for all the support, it's been amazing lately. Uh, so yeah, don't forget to subscribe and like. Let's jump right into Authentik and let's have a look at how it works.

So if you're like me, I learn best by examples. So what I'm going to do is I'm going to show you Authentik, give you a bit of an idea on how everything works, and then I'm going to show you a live example on how we can use Authentik to log into a service such as Portainer. And then once I've shown you kind of how it works and you can get an idea on how an identity provider functions, then I'm going to show you how we can get this all set up.

So what we're looking at here is my self-hosted version of Authentik. So I'm going to log in here and then I'll just take you through the application so you can get an idea on how it works and how we can set up users and stuff like that, and then I'm going to show you how an IDP actually works when it's integrated with an app, and in this case it's going to be Portainer, and we'll go from there, and then I'll show you the setup.

So I'm just logging in right now. So I've got the username, just put the password in, and now I've just got to use my authenticator. So that's another cool thing. All of this, so when you're logging in using Authentik and you've got MFA or anything like that, that's enforced, right? So you can have MFA all set up, so you're not setting up different authentications and MFA authentications for every single self-hosted service you have. You can make sure that all of your accounts and your MFA is just consolidated to one service, and in this case Authentik. You don't have to worry about managing like 10 or 15 different MFAs for your different applications; it's all consolidated.

Right, so we're all signed in. Let me just make this a bit bigger for you. So what we're going to do, I'm just going to give you a quick overview on this. Now, if you've got any more questions or are just trying to understand how you can set this up, um, for specific use cases, feel free to jump into the Discord or ask in the YouTube comments, or just look at their documentation. What I'm going to just show you is a general view of how you create users and how you can link it to applications and stuff, but it's not going to be a huge deep dive into those components. It's more just how you can self-host Authentik and just get it up and running to be in a position to do those other things.

So what we're going to do is we're going to jump into the admin interface here in the top right-hand. So here, what we can do is, this is where you can manage all of, like, your users and just anything to do with your authentication for Authentik. So in this case, the main part that we want to worry about is the directory. So you can see here on the left we've got Directory, and this is where we can create all of our users, right? So these users here, the Techdox, which is me, and then an admin account. So what this means is I can have this user, this Techdox user here, and that can be the user and the username and the password that I can set up to authenticate with any of my self-hosted services that support OAuth and single sign-on, that can support linking up to Authentik. That means that I can then just use this one account for all of those services.

And then once you've got it all linked in, let's say you've got, uh, if you're a small business or even a bigger business that this is going to be your identity provider, you can have all of your users in here and then you can actually create groups. These groups have permissions, and then you can actually sync the groups to the applications as well. So based on the groups these users have access to, it's already been set up in your Authentik, you link it to the app, and all of those roles and everything you've set up is already in place. You're not having to, like, do it again or, you know, do it just for the specific application; you've already set it up in your identity provider. So again, I'm not doing a huge deep dive on how to set up specific applications in Authentik. I will definitely cover how you, for example, set up Portainer and Authentik, so that will give you an idea on how you configure applications to work with Authentik, but again, this is just more self-hosting Authentik itself.

So let's say you've got Portainer all set up, and you've got your user in Authentik all set up, and you've got Authentik linked in Portainer. I'm going to show you how this works. So this is my Portainer instance that I have up and running. So like I was saying before, when you're self-hosting all of these applications, generally you have all these internal accounts associated with the application, right? That one account and one application, you've got one-to-one, right? So this is what you would normally have to worry about, is I'd go to the internal authentication and now I have to use the username and password that specifically is for Portainer, right? Now when you start self-hosting all of these applications, you're now having to manage all of these usernames and passwords and it just becomes a bit tedious. So rather than doing all of that, we can just have the one identity provider, in this case Authentik.

And so rather than having to have individual usernames and passwords, if I come back to Authentik and click Users again, this Techdox user I can use with Portainer, because the OAuth is all set up, and any other application that is connected to Authentik. So I'll show you. If I click "Login with OAuth", you'll see what happens. It's already been set up, so now it's taken me to Authentik to log in, right? So it says here "log in to continue to Portainer", and now I enter my password and I hit Continue, and now what you'll see is it authenticated with Authentik, right, and that account's valid, and now I've been able to log in to Portainer using my Authentik user rather than any local user.

So within Users on the left-hand side here, I can see my Techdox account here. Now, I had to give it admin user, so with Portainer specifically, when I logged in it didn't have any rights, so I've given it rights just for the sake of this video. But you can create really cool things with Portainer as well, so by default accounts that log in for the first time get automatically added to groups based on groups inside of Authentik, all of this cool stuff, but I'm just trying to keep it simple for now. So the idea is that once you've logged in, I've logged in with my OAuth account and that's it. This account here, I don't have to have a specific account for Portainer; it's the same account in Authentik.

So I hope you now understand how an IDP works and single sign-on and all of that good stuff. So now that I'm authenticated with Authentik, right, I'm logged in, if I had another service that was utilizing Authentik for the IDP for OAuth, that means, since I'm already logged in, if I went to go click log in to that other application, I would automatically log in, because the session is already open and I'm still logged in to Authentik. Do you see how this can kind of be really beneficial? You've got the one user being used over many applications rather than a one-to-one. Now, I know I've been talking for a little while about this, but I just want to make sure you understand the whole purpose of an IDP, right?

So enough talking about how it works, let me show you how you can get it set up for yourself. So this is my Techdox documentation, uh, web page. So under Docker Containers on the left, if you come down to, I just passed it, Authentik, I have all the steps here that you can follow to get this set up, and these are the steps that I'm going to follow in a second to show you how you can get this all set up as well.

So what we need to do is log into our server where we're going to be running Authentik, right? So we are in my Alm server at the moment. So if you'd like to follow my structure for setting up Docker containers and just the directories and such, I have a folder called docker, and then inside of docker I have a folder for each one of the containers where they store their compose file. So in the authentik, uh, directory, it's all nice and empty, so now we can follow the steps.

So first off, what we're going to do is we're actually going to grab a copy of the compose file. So we can grab this directly from Authentik's website, so we don't actually need to, you know, copy and paste anything in; we can just download this straight away with the wget command. So we can paste this in here and that's going to grab that compose file. Now I'll just do an ls and you can see that the compose file is there. So if we just have a look at it, you can see it's just a normal compose file, but there's a fair bit in here, right? So for you, um, if you were interested, at the bottom of my documentation I actually have a breakdown of the compose file, so if you're curious on how it all works and why things are there, come check out the bottom of the documentation page and it kind of just gives you a bit of a breakdown if you're interested.

So once we've got that, what we need to actually do is actually generate some secrets, uh, that we're going to store in an environment file which our Docker Compose will use. So rather than actually storing the credentials in a compose file, we're going to store them in a hidden file called .env, which our compose file already knows to look for, and then once we've got those in that, it will use them. So these commands here will do all that for us. It will generate a random string, essentially a random password, and it will store it in the .env file, and it will also create an Authentik secret key as well. Uh, so if you don't have, um, pwgen, you can just install it if you're on Linux, so sudo apt install, uh, pwgen. So we can grab that command, go back to our server and make sure we have that, and you can see I already have it installed, which is great.

So what we can do now is grab this first line here, come back to our server and paste that in. So if I do an ls, you'll see you don't see anything, but if we do a cat .env, it's actually there. We've got an .env file there, where you can see we've actually pushed that PG_PASS with a value into that file. And now we'll grab the second line here and we'll paste that one in. So now again, if we cat that, we've now got our secret key as well, so make sure you've got those. And now if you want to enable error reporting, you can copy this line here. It makes sense to do it, especially when it comes to debugging and stuff; it's always good to have this sort of stuff. So let's enter on this one, and again we can have a look and make sure that's there, and that is.

Now we can also set up email configurations, so like, um, you know, resetting passwords, all of that stuff, we can do that here. I'm not going to go through this. It's optional, uh, as it says here, it's recommended, so if you do have a way of setting up, um, email and sending, you know, sending, forwarding emails, um, with an application, you can configure that here. I'm not going to cover that in this video, uh, but if you're keen on understanding it, check out the Authentik documentation as well and they will go into detail on how you can configure this.

So coming down here, you can see we can configure the ports, so if you need to change them. So by default Authentik runs on port 9000, and 9443 for HTTPS. If you want to change those, you can add this to your .env file. I'm happy with port 9000 and 9443, so I'm going to leave it how it is.

And then once you've done that, now if you're familiar with Docker Compose, all we need to do is pull the image that we're going to use and then we can stand it up. So we'll do a docker compose pull, right, so we're pulling the image. You'll notice that my commands changed a little bit. I had to actually use sudo for that download. Um, normally I don't have to use sudo; I don't know why it was asking me to use sudo for that one, because my user is part of the docker group. Anyway, we're pulling that image now, so we'll just let that finish. Right, so we actually have our images pulled now, which is great.

So coming back to our documentation, what we need to do now is just do a docker compose up -d, so let's hit that, and now that's going to create our containers for us. Right, so those containers are starting now, so we can just do a docker ps, and if we go to the top we can see that they are starting now. So looking at the documentation now, we can see that we can actually access it on HTTP, the IP address or the hostname of our server, port 9000, and then with the /if/flow/initial-setup/ URL. Okay, so let's do that now. Also, just a note, if you get this here when you try to connect to it, "failed to connect to authentik backend: authentik starting", it just means that everything is still kind of just coming up, so just give it a little bit of time and then give it a bit of a refresh and you should be able to hit it. And there we go, we have now hit the login screen to set up our admin account for Authentik. Awesome. So we'll just quickly set up an account here, put that password in again and hit Continue. There we go, so we've logged in, and now you are now in a position to go into the admin interface, create your users that you like, set up the applications that you want as well, and then you have your identity provider set up.

So I know that we covered a lot in this video, and this was just setting up the IDP of Authentik, right? We're just standing up Authentik to be in a position to now use it with applications. Now, if you have any questions on, you know, how you can set it up, and again, it's kind of just a matter of looking up the documentation for setting up authentication with the application you want to use, as long as that application supports OAuth. But again, if you've got any questions on how you can set the, how you want to set the stuff up, if you're having any issues, join my Discord, a link is in the description, or ask in the comments below and I'm more than happy to help you out. But again, I'm going to cover more around Authentik and how you can use it and more features of it. There's a lot to cover here, but this is just to look at, one, what an IDP is, how you use it, and how we can stand up Authentik. So I hope you enjoyed this video. Thank you so much for watching and I will see you in the next video. Have a good one, everyone. Bye-bye.
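
The secret-generation step described in the captions, as an added example that is not from the video, its documentation, or the authentik project. The function names are hypothetical, the value lengths (40 and 50) are assumed, and /dev/urandom is swapped in for pwgen so the script needs no extra package. It shows two things the plain append commands do not: the .env file is kept owner-readable only, and re-running it never duplicates or replaces an existing secret.

```shell
#!/bin/sh
# Added example (not from the video): create the .env secrets for the compose stack.
# Assumptions: hypothetical function names, assumed lengths, /dev/urandom instead of pwgen.

# Print N random alphanumeric characters.
rand_alnum() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Append KEY=<LEN random chars> to FILE unless KEY is already set there.
# Existing values are kept: PostgreSQL only applies its password when the data
# volume is first initialised, so a regenerated PG_PASS would no longer match.
ensure_secret() {
    file=$1; key=$2; len=$3
    if grep -q "^${key}=" "$file" 2>/dev/null; then
        return 0
    fi
    printf '%s=%s\n' "$key" "$(rand_alnum "$len")" >> "$file"
}

# Create (or top up) DIR/.env with both secrets, readable by the owner only.
init_authentik_env() {
    env_file="$1/.env"
    old_umask=$(umask)
    umask 077                 # a newly created file gets mode 0600
    touch "$env_file"
    umask "$old_umask"
    chmod 600 "$env_file"     # also tighten a file that already existed
    ensure_secret "$env_file" PG_PASS 40
    ensure_secret "$env_file" AUTHENTIK_SECRET_KEY 50
}

# Succeed only if FILE holds each required key exactly once, with a value.
check_authentik_env() {
    for key in PG_PASS AUTHENTIK_SECRET_KEY; do
        [ "$(grep -c "^${key}=." "$1")" -eq 1 ] || return 1
    done
}

# Demo in a throwaway directory; pass the compose folder for real use.
demo_dir=$(mktemp -d)
init_authentik_env "$demo_dir" && check_authentik_env "$demo_dir/.env" \
    && echo "created $(ls -l "$demo_dir/.env" | cut -c1-10) .env"
rm -rf "$demo_dir"
```
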
Info
Channel: Techdox
Views: 2,921
Keywords: docker, authentik, docker compose, authentik setup, authentik docker, authentik docker compose, traefik docker compose, authelia docker, authelia setup, docker compose tutorial, traefik docker, setup, authentik setup guide, traefik docker compose tutorial, authentik worker, docker compose yml, how to setup authelia with nginx proxy manager, secure domain with authelia, authentik unraid, authentik outposts, authentik auth, authentik ubuntu, authentik trailer
Id: 3fRMVXNfT9A
Length: 14min 27sec (867 seconds)
Published: Fri Feb 16 2024