thegrind/authentikate
4
0
Fork 0
generated from thegrind/laravel-dockerized
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
authentikate/docs/guide/first-setup.md
Javier Feliz 9db9b0f6b3
All checks were successful
linter / quality (push) Successful in 3m34s
Details
tests / ci (push) Successful in 7m10s
Details
Got claude started on the docs. Will have to update them heavily
2025-08-03 00:23:06 -04:00

202 lines
5.6 KiB
Markdown
Raw Blame History

# First Setup
After installing AuthentiKate, you'll want to complete the initial configuration to make it ready for production use.
## Initial Login
When you first start AuthentiKate, it automatically creates an admin user. The credentials are shown in the container logs:
```bash
docker logs authentikate
```
Look for:
```
✅ Initial admin user created:
Email: admin@authentikate.local
Password: randomly-generated-password
```
::: tip
Save these credentials securely! You'll need them to access the admin interface.
:::
## Admin Dashboard
After logging in, you'll see the AuthentiKate dashboard with:
- **Applications**: Manage OAuth applications
- **Users**: User management and invitations
- **Tokens**: View active authentication tokens
- **Profile**: Your user profile settings
## Essential Configuration Steps
### 1. Update Your Profile
1. Click your avatar in the top right
2. Select **"Profile"**
3. Update your information:
- Change the email from `admin@authentikate.local` to your real email
- Set a preferred username
- Upload an avatar (optional)
- **Change your password** to something secure
### 2. Configure Email (Recommended)
Email is used for:
- User invitations
- Password resets
- Account verification
Set up email by updating your environment variables:
```yaml
environment:
MAIL_MAILER: smtp
MAIL_HOST: smtp.gmail.com
MAIL_PORT: 587
MAIL_USERNAME: your-email@gmail.com
MAIL_PASSWORD: your-app-password
MAIL_ENCRYPTION: tls
MAIL_FROM_ADDRESS: auth@yourdomain.com
MAIL_FROM_NAME: "AuthentiKate"
```
[→ See full email configuration guide](/config/email)
### 3. Set Your Domain
Update the `APP_URL` to match your actual domain:
```yaml
environment:
APP_URL: https://auth.yourdomain.com
```
This ensures:
- Correct OAuth redirect URLs
- Proper JWT issuer claims
- Working email links
### 4. Create Your First Application
1. Go to **Applications****Create Application**
2. Fill in the basic information:
- **Name**: Your application name (e.g., "Grafana")
- **Redirect URI**: Where users return after authentication
- **Icon**: Optional app icon URL
3. Note the generated **Client ID** and **Client Secret**
4. Use these in your application's OAuth configuration
## Security Checklist
Before going to production, verify these security settings:
### ✅ Admin Account
- [ ] Changed default admin email
- [ ] Set a strong, unique password
- [ ] Enabled email verification (if email is configured)
### ✅ Environment
- [ ] Set `APP_ENV=production`
- [ ] Set `APP_DEBUG=false`
- [ ] Using HTTPS with valid SSL certificate
- [ ] `APP_URL` matches your actual domain
### ✅ Database
- [ ] Using persistent volume for data
- [ ] Consider using PostgreSQL/MySQL for production
- [ ] Regular backups configured
### ✅ Reverse Proxy
- [ ] Proper SSL termination
- [ ] Security headers configured
- [ ] Rate limiting in place
## Application Integration
### OIDC Endpoints
Your applications will need these endpoints:
| Endpoint | URL |
|----------|-----|
| Authorization | `https://auth.yourdomain.com/oauth/authorize` |
| Token | `https://auth.yourdomain.com/oauth/token` |
| User Info | `https://auth.yourdomain.com/oauth/userinfo` |
| JWKS | `https://auth.yourdomain.com/.well-known/jwks.json` |
| Discovery | `https://auth.yourdomain.com/.well-known/openid_configuration` |
### OAuth Flow
1. **User clicks login** in your application
2. **Redirect to AuthentiKate** with authorization request
3. **User authenticates** (if not already logged in)
4. **User consents** to application access (if required)
5. **Redirect back** to your application with authorization code
6. **Exchange code** for access token and ID token
7. **Access user info** using the access token
## User Management
### Invitation System
AuthentiKate uses an invitation-based registration system:
1. **Admin creates invitation** with user's email
2. **Invitation email sent** with registration link
3. **User completes registration** using the invitation
4. **User can access applications** they're authorized for
### User Permissions
- **Admin users**: Full access to manage applications and users
- **Regular users**: Can only access authorized applications and manage their own profile
## Backup Strategy
Set up regular backups of your AuthentiKate data:
### SQLite (Default)
```bash
# Daily backup script
#!/bin/bash
docker exec authentikate cp /var/www/html/storage/database/database.sqlite /tmp/backup.sqlite
docker cp authentikate:/tmp/backup.sqlite ./backups/authentikate-$(date +%Y%m%d).sqlite
```
### Full Volume Backup
```bash
# Backup all persistent data
docker run --rm -v authentikate_data:/data -v $(pwd)/backups:/backup alpine tar czf /backup/authentikate-full-$(date +%Y%m%d).tar.gz -C /data .
```
## Common Next Steps
### Popular Integrations
- [Set up Grafana SSO](/integrations/grafana)
- [Configure Nextcloud authentication](/integrations/nextcloud)
- [Integrate with Traefik forward auth](/integrations/traefik)
### Advanced Configuration
- [Environment variables reference](/config/environment)
- [Database configuration](/config/database)
- [Security settings](/config/security)
### User Management
- [Create user invitations](/guide/invitations)
- [Manage user profiles](/guide/profiles)
- [Handle user permissions](/guide/users)
## Getting Help
If you run into issues:
1. **Check the logs**: `docker logs authentikate`
2. **Verify configuration**: Compare with working examples
3. **Test endpoints**: Use curl or Postman to test OIDC endpoints
4. **Community support**: Check GitHub issues and discussions
Your AuthentiKate instance is now ready for production use! 🎉
Reference in New Issue View Git Blame Copy Permalink