core_transactional_applications_update
PUT/core/transactional/applications/
Convert data into a blueprint, validate it and apply it
Request
- application/json
Body
required
- GoogleWorkspaceProviderRequest
- LDAPProviderRequest
- MicrosoftEntraProviderRequest
- OAuth2ProviderRequest
- ProxyProviderRequest
- RACProviderRequest
- RadiusProviderRequest
- SAMLProviderRequest
- SCIMProviderRequest
app
object
required
Application Serializer
Possible values: non-empty
Application's display Name.
Possible values: non-empty
and <= 50 characters
, Value must match regular expression ^[-a-zA-Z0-9_]+$
Internal application name, used in URLs.
Open launch URL in a new browser tab or window.
Possible values: [all
, any
]
Possible values: [authentik_providers_google_workspace.googleworkspaceprovider
, authentik_providers_ldap.ldapprovider
, authentik_providers_microsoft_entra.microsoftentraprovider
, authentik_providers_oauth2.oauth2provider
, authentik_providers_proxy.proxyprovider
, authentik_providers_rac.racprovider
, authentik_providers_radius.radiusprovider
, authentik_providers_saml.samlprovider
, authentik_providers_scim.scimprovider
]
provider
object
required
oneOf
Possible values: non-empty
Property mappings used for group creation/updating.
Possible values: non-empty
and <= 254 characters
Possible values: non-empty
Possible values: [do_nothing
, delete
, suspend
]
Possible values: [do_nothing
, delete
, suspend
]
Possible values: non-empty
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: non-empty
DN under which objects are accessible.
Users in this group can do search queries. If not set, every user can execute search queries.
Possible values: >= -2147483648
and <= 2147483647
The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber
Possible values: >= -2147483648
and <= 2147483647
The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber
Possible values: [direct
, cached
]
Possible values: [direct
, cached
]
When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
Possible values: non-empty
Property mappings used for group creation/updating.
Possible values: non-empty
Possible values: non-empty
Possible values: non-empty
Possible values: [do_nothing
, delete
, suspend
]
Possible values: [do_nothing
, delete
, suspend
]
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: [confidential
, public
]
Possible values: non-empty
and <= 255 characters
Possible values: <= 255 characters
Possible values: non-empty
Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Possible values: non-empty
Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Possible values: non-empty
Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.
Key used to sign the tokens. Only required when JWT Algorithm is set to RS256.
Enter each URI on a new line.
Possible values: [hashed_user_id
, user_id
, user_uuid
, user_username
, user_email
, user_upn
]
Possible values: [global
, per_provider
]
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: non-empty
Validate SSL Certificates of upstream servers
Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.
Set a custom HTTP-Basic Authentication header based on values from authentik.
User/Group Attribute used for the password part of the HTTP-Basic Header.
User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.
Possible values: [proxy
, forward_single
, forward_domain
]
When enabled, this provider will intercept the authorization header and authenticate requests based on its value.
Possible values: non-empty
Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Possible values: non-empty
Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: non-empty
Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)
When set to true, connection tokens will be deleted upon disconnect.
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: non-empty
List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.
Possible values: non-empty
Shared secret between clients and server to hash packets.
When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.
Possible values: non-empty
Flow used for authentication when the associated application is accessed by an un-authenticated user.
Flow used when authorizing this provider.
Possible values: non-empty
and <= 200 characters
Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.
Possible values: non-empty
Also known as EntityID
Possible values: non-empty
Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).
Possible values: non-empty
Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Possible values: non-empty
Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).
Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered
Possible values: [http://www.w3.org/2000/09/xmldsig#sha1
, http://www.w3.org/2001/04/xmlenc#sha256
, http://www.w3.org/2001/04/xmldsig-more#sha384
, http://www.w3.org/2001/04/xmlenc#sha512
]
Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1
, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
, http://www.w3.org/2000/09/xmldsig#dsa-sha1
]
Keypair used to sign outgoing Responses going to the Service Provider.
When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.
Possible values: [redirect
, post
]
Default relay_state value for IDP-initiated logins
Possible values: non-empty
Property mappings used for group creation/updating.
Possible values: non-empty
Base URL to SCIM requests, usually ends in /v2
Possible values: non-empty
Authentication token
Responses
- 200
- 400
- 403
- application/json
- Schema
- Example (from schema)
Schema
{
"applied": true,
"logs": [
"string"
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"non_field_errors": [
"string"
],
"code": "string"
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "string",
"code": "string"
}