Make OIDC User Admin
Hi
How do I set up an OIDC User to be admin?
Previously we had the special env:
AUTH_OIDC_OWNER_GROUP how do I achieve the same again?
Thanks!
Normally I expect an authentik user who is admin to be admin on homarr too, like it is in most other apps as well, but in homarr this seems to not work.11 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
I’m wondering this too but using Zitadel. From their example, it seems like the admin key should be traversed through the roles scope or equivalent but I’ve not been able to get it to work either
During onboarding you have to create the external admin group whichs name has to match the name of your oidc provider
so basically I'd have to create a group called authentik on homarr?
But won't then every user from authentik have admin?
Is this possible after I already did the first-login via authentik? Or do I have to re-create the user, e.g. delete it.
In theory you should have been able to just create a group woth the same "name" as the env variable. Depending on your setup, you can create the oidc group with credentials user (if there is an administrator there) otherwise we'll need a cli option
But then again my concern, won't then all authentik users be admin?
In the optimal case, I could sign in using authentik and then modify that authentik user using a homarr admin, like it is in many other applications.
Only if they are in your authentik admin group? You can set permissions for groups within Homarr
Sorry I'm not really looking through what you mean right now.
So based what you wrote above, I create a new group called
authentik as AUTH_OIDC_CLIENT_NAME=authentik and if I then login from a user which has never logged into homarr via authentik, it should get the permissions I assigned to the group authentik, but only if the user is a global authentik admin? Really? That does not really make sense for me, I've never seen such a setup.No😂
You create a group with the same name in homarr and authetik, or use the name of your existing admin group from authetik. Then you can configure its permissions regarding Homarr in the permissions tab of the group in Homarr
Thanks yes now it's really clear and totally makes sense.
Worked just fine, thanks a lot!
May I create a PR to better describe this in the docs? This is really lacking in my eyes.
Sure!