Authentik

This feature is available only with a valid FileFlows license.

Authentik Configuration

To integrate FileFlows with Authentik via OpenID Connect:

1. Log in to your Authentik instance.
2. Navigate to Applications → Create with Provider.
   This is the easiest way to create a preconfigured OAuth2 provider for FileFlows.
3. Set the Name (e.g., FileFlows) and assign a Slug.
   The default slug for FileFlows is file-flows.
4. Choose OAuth2/OpenID Provider as the provider type.
5. Select your authorization flow, for example default-provider-authorization-implicit-consent (Authorize Application).
6. Copy your Client ID and Client Secret — you will need these for FileFlows.
7. Click Add Entry to add the callback URL. Use the strict URL for your instance:

https://fileflows.mydomain.com/oidc/callback

8. Save the application.

---

FileFlows Settings

FileFlows needs the Authentik application information to perform OIDC authentication. You can configure it via the Web Console or environment variables (useful for Docker).

Web Console

1. Navigate to Config → Security

2. Set Mode to Open ID Connect

3. Fill in the fields:

   • Authority:

     Base URL of your Authentik instance for the application (e.g., https://auth.example.com/application/o/file-flows/)

   • Client ID:

     The Client ID from the Authentik application.

   • Client Secret:

     The Client Secret from the Authentik application.

   • Callback Address:

     Public URL of FileFlows (e.g., https://fileflows.mydomain.com).

     FileFlows appends /oidc/callback automatically. An optional callback address, you can use this to override the default address this will send to the client.

     For example if you are behind a reverse proxy and FileFlows is listening on HTTP but the callback should occur on HTTPS.

   • Required Group:

     Optional: only allow users in this Authentik group to log in.

4. Click Save and restart FileFlows.

Docker Environmental Variables

You can also configure the same settings via environment variables for Docker deployments:

OidcAuthority=https://auth.example.com/application/o/file-flows/
OidcClientId=fileflows
OidcClientSecret=YOUR_CLIENT_SECRET
OidcCallbackAddress=https://fileflows.mydomain.com
OidcRequiredGroup="authentik Admins"

Setting values via environment variables allows FileFlows to start fully configured without manually updating the Web Console.