Release 2024.8

Highlights

Source property mappings for SCIM, OAuth, SAML, and Plex sources: All sources now support property mappings to configure how authentik interprets the incoming source's data. Additionally, groups can be synced from all sources that provide group info.
RADIUS provider custom attribute support: Integrate RADIUS better into network infrastructure by sending vendor-specific attributes based on the user authenticating.
SAML encryption support: SAML source and provider support encryption now, which prevents anyone from viewing the information of in-flight assertions.
RBAC support for blueprints and Terraform: Permissions can now be assigned and automated using both blueprints and Terraform.

Breaking changes

Manual action is required

LDAP property mappings simplification

LDAP property mappings have been reworked to remove Object field. With this release, instead of returning a single user or group attribute for each property mapping, you can now return several of them. Here is an example of what new property mappings look like:
python
```
return {
    "username": ldap.get("uid"), # list_flatten is automatically applied to top-level attributes
    "attributes": {
        "phone": list_flatten(ldap.get("phoneNumber")), # but not for attributes!
    },
}
```
This property mapping populates the username and attributes.phone attributes of a user at the same time, reducing the number of mappings that are run and thus improving performance. Additionally, they are more straightforward to read, and this change allowed us to implement property mappings for OAuth and SAML sources as well.

authentik will automatically convert existing property mappings to this new format, by generating some Python code for each of the existing property mappings expressions. Property mappings that are managed by authentik will automatically get updated to the new format.

If you have any custom property mappings, we recommend converting them to this new format.
OAuth and SAML sources now sync groups by default

OAuth (specifically OpenID and Okta) sources now sync groups by default when a groups claim is available.

SAML sources now sync groups by default when a http://schemas.xmlsoap.org/claims/Group attribute is available in the assertion.

To disable that behavior, create an OAuth/SAML source property mapping with the expression below and assign it as a user property mapping on the source.
python
```
return {
    "groups": [],
}
```
Terraform Resource rename

Several resources in the Terraform provider have been renamed to align with new functionality. This mainly applies to property mapping-related resources. With the authentik version 2024.8.1 of the Terraform provider, both the old and new resources are available, and resources can be moved to the new name using terraform state mv.

These resources have been renamed:
- authentik_property_mapping_google_workspace
- authentik_property_mapping_ldap
- authentik_property_mapping_microsoft_entra
- authentik_property_mapping_rac
- authentik_property_mapping_radius
- authentik_property_mapping_saml
- authentik_property_mapping_scim

Manual action may be required

Changes to the external user type

Since the introduction of user types with 2023.8, the main difference between internal and external users has mostly been relevant when using the Enterprise version of authentik.

With this release, authentik improves support for B2C use-cases, which external users are intended for. It is now possible to configure a default application. External users not attempting to access a specific application will always be redirected to this default application.

As part of this, external users will no longer have access to the User and Admin interfaces. If you're using the open-source version and you require this workflow, you can change users to be Internal, which will have no side-effects. For Enterprise customers, please reach out to us with any questions.

<details><summary>Bulk changing the user type</summary>In the container, run the command `ak change_user_type --all --type internal` to change all users to Internal. Instead of using `--all` you can also pass usernames to the command to only change individual users to internal.</details>

Changed HTTP healthcheck endpoints status code

For increased compatibility, the /-/health/live/ and /-/health/ready/ endpoints return 200 HTTP Status codes for successful checks. Previously these endpoints returned 204, which means in most cases no changes are required.

New features

Source property mappings for SCIM, OAuth, SAML and Plex sources

All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See Property Mappings.
RADIUS provider custom attribute support

With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's AV-Pair attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See RADIUS Provider
SAML encryption support

It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a Certificate-keypair and selecting it in the SAML source or provider.
GeoIP Policy

With the new GeoIP Policy it is possible to grant/deny access based on Country and ASN, without having to write an expression policy.
Simplification of LDAP Provider permissions

The LDAP provider now uses RBAC to assign the appropriate permission to search the full directory instead of requiring a dedicated group to be created. As part of the upgrade, existing search groups' users are migrated to grant the required permission to search the full directory.
RBAC support for blueprints and Terraform

RBAC permissions for global/object level permissions for users/roles can now be managed via blueprints and Terraform. This allows for the automatic configuration of permissions.
UX improvements

In previous versions of authentik, there were several places in the Admin interface where you could not select more than 100 items. With this change, it is now possible to search for items and select more than 100 items.
WebFinger support

With the addition of the default application setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now.

Upgrading

This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our Upgrade documentation.

:::warning When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance. :::

Docker Compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

shell

wget -O docker-compose.yml https://goauthentik.io/version/2024.8/docker-compose.yml
docker compose up -d

The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.

Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

shell

helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8

Minor changes/fixes

api: use custom json renderer for speed (#9977)
blueprints: handle model referencing non-existent app/model (#10796)
brands: add OIDC webfinger support (#10400)
core: add index on enabled field of sources (#10572)
core: add primitives for source property mappings (#10651)
core: b2c improvements p1 (#9257)
core: fix error when raising SkipObject in mapping (#10153)
core: fix migrations missing using db_alias (#10409)
core: fix source flow_manager not resuming flow when linking (#10436)
core: fix URLValidator regex to allow single digit port (#10280)
core: remove deprecated sentry-sdk method usage (#10648)
core: remove html language tag for pages that are translated (#10611)
core: remove transitionary old JS urls (#10317)
core: rework base for SkipObject exception to better support control flow exceptions (#10186)
enterprise: add support for license flags (#10842)
enterprise: UI improvements, better handling of expiry (#10828)
enterprise/rac: fix error when listing connection tokens as non-superuser (#10771)
events: associate login_failed events to a user if possible (#10270)
events: fix race condition (#10602)
flows: remove stage challenge type (#10476)
internal: Use loop instead of recursion in NewAPIController (#10745)
lib/sync: handle SkipObject in direct triggered tasks (#10590)
lifecycle: only create tenant media root if needed (#10616)
outposts: add better UI for showing mismatched versions (#10885)
outposts: ensure minimum refresh interval (#10701)
outposts: implement general paginator for list API requests (#10619)
outposts: make refresh interval configurable (#10138)
policies: add GeoIP policy (#10454)
policies/reputation: fix existing reputation update (#10124)
providers: add provider/ prefix for property mappings API (#10874)
providers/ldap: fix missing using in migrations (#10906)
providers/ldap: Remove search group (#10639)
providers/proxy: avoid erroring on logout with session_id is None (#9119)
providers/proxy: fix Traefik label generation for v3 (#10411)
providers/radius: Add support for custom attributes (#10509)
providers/radius: fix custom attribute (#10704)
providers/radius: property mapping docs (#10908)
providers/saml: encryption support (#10934)
providers/saml: fix incorrect migration for sign_response (#10975)
providers/saml: fix metadata import error handling (#10349)
providers/saml: remove redundant ACSUrl in POST (#10707)
providers/scim: Fix exception handling for missing ServiceProviderConfig (#10322)
rbac: generate blueprint schema permissions from defined models not DB (#10962)
rbac: rework API for terraform, add blueprint support (#10698)
root: allow extra sentry settings (#10269)
root: dependency maintenance (#10689)
root: Make health checks compatible with cloud platform load balancers (#10554)
root: make pyrad a standard dependency (#10649)
root: makefile: add codespell to make-website (#10116)
root: only load daphne django app in development (#10723)
root: use custom model serializer that saves m2m without bulk (#10139)
sources: add property mappings for all oauth and saml sources (#8771)
sources: introduce new property mappings per user and group (#8750)
sources: refactor user connection api (#10607)
sources/ldap: Add enabled filter for ldap_password_validate signal (#10823)
sources/ldap: fix migrations failing (#10588)
sources/ldap: rename ldappropertymapping to ldapsourcepropertymapping (#10606)
sources/oauth: fix link not being saved (#10374)
sources/plex: add property mappings (#10772)
sources/saml: Basic support for EncryptedAssertion element. (#10099)
sources/saml: fix pickle error, add saml auth tests (#10348)
sources/scim: add property mappings (#10650)
sources/scim: fix duplicate service account users and changing token (#10735)
sources/scim: fix schema loading with pwd is not set properly (#10574)
stages/authenticator_validate: fix friendly_name being required (#10382)
stages/authenticator: actually update last_used (#10813)
stages/authenticator: add created, last_updated and last_used metadata (#10636)
stages/prompt: fix prompt not editable with invalid expression (#10603)
stages/user_login: fix ?next parameter not carried through broken session binding (#10301)
web: disable reading dark mode out of the UI by default (#10256)
web: enable custom-element-manifest and DOM/JS integration checking. (#10177)
web: enhance search select with portal, overflow, and keyboard controls (#9517)
web: fix bad name target that's breaking build (#10506)
web: fix dark theme and theme switch (#10667)
web: fix docker build for non-release versions (#10154)
web: fix early modal stack depletion (#10068)
web: fix mismatched button labels for boundpolicy and boundstage list (#10551)
web: fix needed because recent upgrade to task breaks spinner button (#10142)
web: fix theme not applying to document correctly (#10721)
web: fixed missed internationalized strings (#10323)
web: licenseStatus is not defined on initial render (#10894)
web: provide 'show password' button (#10337)
web: provide a test framework (#9681)
web: provide better feedback on Application Library page about search results (#9386)
web: provide default endpoint api configuration (#10319)
web: replace all occurrences of the theme placeholder (#10749)
web: replace multi-select with dual-select for all propertyMapping invocations (#9359)
web: restore hasLaunchUrl to client-side criteria for filtering apps (#10291)
web: search select with focus, autocomplete, and progressive search (#10728)
web: set noopener and noreferrer on all external links (#10304)
web/admin: fix access token list calling wrong API (#10434)
web/admin: fix authentication/enrollment flow in sources being marked as required (#10911)
web/admin: fix missing SAML Provider ECDSA options (#10612)
web/admin: fix selectable card colour in dark theme (#10794)
web/admin: refactor property mappings forms (#10810)
web/admin: show matching user reputation scores in user details (#10276)
web/admin: widen prompt form (#10615)
web/elements: fix empty enterprise banner (#10882)
web/flows: clean up loading, syntax and transitions (#10792)
web/flows: don't grab focus for password input on identification stage (#10593)
web/flows: remove background image link (#10318)
web/flows: remove continue button from AutoSubmit stage (#10253)
web/flows: Simplified flow executor (#10296)

Fixed in 2024.8.1

core: bump cryptography from 43.0.0 to 43.0.1 (cherry-pick #11185) (#11202)
core: fix change_user_type always requiring usernames (cherry-pick #11177) (#11178)
core: fix missing argument name escaping for property mapping (cherry-pick #11231) (#11252)
internal: fix go paginator not setting page correctly (cherry-pick #11253) (#11255)
providers/ldap: fix incorrect permission check for search access (cherry-pick #11217) (#11218)
providers/ldap: fix migration assuming search group is set (cherry-pick #11170) (#11172)
providers/ldap: rework search_group migration to work with read replicas (cherry-pick #11228) (#11229)
root: backport s3 storage changes (cherry-pick #11181) (#11183)
web/admin: fix error in Outpost creation form (cherry-pick #11173) (#11175)
web/admin: fix misc dual select on different forms (#11203)
web/admin: fix missing Sync object button SCIM Provider (cherry-pick #11211) (#11213)
web/admin: improve error handling (cherry-pick #11212) (#11219)
web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)

Fixed in 2024.8.2

core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
core: fix permission check for scoped impersonation (cherry-pick #11315) (#11316)
enterprise: fix API mixin license validity check (cherry-pick #11331) (#11342)
enterprise: show specific error if Install ID is invalid in license (cherry-pick #11317) (#11319)
events: optimize marking events as seen (cherry-pick #11297) (#11299)
providers/proxy: fix URL path getting lost when partial URL is given to rd= (cherry-pick #11354) (#11355)
root: fix ensure outpost_connection_discovery runs on worker startup (cherry-pick #11260) (#11270)
sources/ldap: fix missing search attribute (cherry-pick #11125) (#11340)
web: revert lockfile lint, re-add integrity (#11380)
web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)

Fixed in 2024.8.3

events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
security: CVE-2024-47070, reported by @efpi-bot from LogicalTrust (cherry-pick #11536) (#11539)
security: CVE-2024-47077, reported by @quentinmit (cherry-pick #11535) (#11537)
sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
web: Fix missing integrity fields in package-lock.json (#11509)
web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)

Fixed in 2024.8.4

blueprints: fix validation error when using internal storage (cherry-pick #11654) (#11656)
core: fix permission check for scoped impersonation (cherry-pick #11603) (#11650)
internal: restore /ping behaviour for embedded outpost (cherry-pick #11568) (#11570)
policies/event_matcher: fix inconsistent behaviour (cherry-pick #11724) (#11726)
providers/oauth2: don't overwrite attributes when updating service account (cherry-pick #11709) (#11723)
providers/saml: fix incorrect ds:Reference URI (cherry-pick #11699) (#11701)
providers/scim: add comparison with existing group on update and delta update users (cherry-pick #11414) (#11796)
providers/scim: clamp batch size for patch requests (cherry-pick #11797) (#11802)
providers/scim: handle no members in group in consistency check (cherry-pick #11801) (#11812)
web/admin: fix invalid create date shown for MFA registered before date was saved (cherry-pick #11728) (#11729)
web/admin: fix sync single button throwing error (cherry-pick #11727) (#11730)

Fixed in 2024.8.5

security: fix CVE-2024-52287, reported by @matt1097 (#12114)
security: fix CVE-2024-52289, reported by @PontusHanssen (#12113)
security: fix CVE-2024-52307, reported by @mgerstner (#12115)
web/admin: better footer links (#12004)
web: bump API Client version (#12118)

Fixed in 2024.8.6

providers/oauth2: fix migration (cherry-pick #12138) (#12140)
providers/oauth2: fix redirect uri input (cherry-pick #12122) (#12128)
providers/proxy: fix redirect_uri (cherry-pick #12121) (#12126)
web: bump API Client version (cherry-pick #12129) (#12131)

API Changes

What's New

`GET` /outposts/ldap/{id}/check_access/

`GET` /outposts/radius/{id}/check_access/

`GET` /policies/geoip/

`POST` /policies/geoip/

`GET` /policies/geoip/{policy_uuid}/

`PUT` /policies/geoip/{policy_uuid}/

`DELETE` /policies/geoip/{policy_uuid}/

`PATCH` /policies/geoip/{policy_uuid}/

`GET` /policies/geoip/{policy_uuid}/used_by/

`GET` /policies/geoip_iso3166/

`GET` /propertymappings/provider/rac/

`POST` /propertymappings/provider/rac/

`GET` /propertymappings/provider/rac/{pm_uuid}/

`PUT` /propertymappings/provider/rac/{pm_uuid}/

`DELETE` /propertymappings/provider/rac/{pm_uuid}/

`PATCH` /propertymappings/provider/rac/{pm_uuid}/

`GET` /propertymappings/provider/rac/{pm_uuid}/used_by/

`GET` /propertymappings/provider/radius/

`POST` /propertymappings/provider/radius/

`GET` /propertymappings/provider/radius/{pm_uuid}/

`PUT` /propertymappings/provider/radius/{pm_uuid}/

`DELETE` /propertymappings/provider/radius/{pm_uuid}/

`PATCH` /propertymappings/provider/radius/{pm_uuid}/

`GET` /propertymappings/provider/radius/{pm_uuid}/used_by/

`GET` /propertymappings/provider/saml/

`POST` /propertymappings/provider/saml/

`GET` /propertymappings/provider/saml/{pm_uuid}/

`PUT` /propertymappings/provider/saml/{pm_uuid}/

`DELETE` /propertymappings/provider/saml/{pm_uuid}/

`PATCH` /propertymappings/provider/saml/{pm_uuid}/

`GET` /propertymappings/provider/saml/{pm_uuid}/used_by/

`GET` /propertymappings/provider/scim/

`POST` /propertymappings/provider/scim/

`GET` /propertymappings/provider/scim/{pm_uuid}/

`PUT` /propertymappings/provider/scim/{pm_uuid}/

`DELETE` /propertymappings/provider/scim/{pm_uuid}/

`PATCH` /propertymappings/provider/scim/{pm_uuid}/

`GET` /propertymappings/provider/scim/{pm_uuid}/used_by/

`GET` /propertymappings/provider/scope/

`POST` /propertymappings/provider/scope/

`GET` /propertymappings/provider/scope/{pm_uuid}/

`PUT` /propertymappings/provider/scope/{pm_uuid}/

`DELETE` /propertymappings/provider/scope/{pm_uuid}/

`PATCH` /propertymappings/provider/scope/{pm_uuid}/

`GET` /propertymappings/provider/scope/{pm_uuid}/used_by/

`GET` /propertymappings/source/ldap/

`POST` /propertymappings/source/ldap/

`GET` /propertymappings/source/ldap/{pm_uuid}/

`PUT` /propertymappings/source/ldap/{pm_uuid}/

`DELETE` /propertymappings/source/ldap/{pm_uuid}/

`PATCH` /propertymappings/source/ldap/{pm_uuid}/

`GET` /propertymappings/source/ldap/{pm_uuid}/used_by/

`GET` /propertymappings/source/oauth/

`POST` /propertymappings/source/oauth/

`GET` /propertymappings/source/oauth/{pm_uuid}/

`PUT` /propertymappings/source/oauth/{pm_uuid}/

`DELETE` /propertymappings/source/oauth/{pm_uuid}/

`PATCH` /propertymappings/source/oauth/{pm_uuid}/

`GET` /propertymappings/source/oauth/{pm_uuid}/used_by/

`GET` /propertymappings/source/plex/

`POST` /propertymappings/source/plex/

`GET` /propertymappings/source/plex/{pm_uuid}/

`PUT` /propertymappings/source/plex/{pm_uuid}/

`DELETE` /propertymappings/source/plex/{pm_uuid}/

`PATCH` /propertymappings/source/plex/{pm_uuid}/

`GET` /propertymappings/source/plex/{pm_uuid}/used_by/

`GET` /propertymappings/source/saml/

`POST` /propertymappings/source/saml/

`GET` /propertymappings/source/saml/{pm_uuid}/

`PUT` /propertymappings/source/saml/{pm_uuid}/

`DELETE` /propertymappings/source/saml/{pm_uuid}/

`PATCH` /propertymappings/source/saml/{pm_uuid}/

`GET` /propertymappings/source/saml/{pm_uuid}/used_by/

`GET` /propertymappings/source/scim/

`POST` /propertymappings/source/scim/

`GET` /propertymappings/source/scim/{pm_uuid}/

`PUT` /propertymappings/source/scim/{pm_uuid}/

`DELETE` /propertymappings/source/scim/{pm_uuid}/

`PATCH` /propertymappings/source/scim/{pm_uuid}/

`GET` /propertymappings/source/scim/{pm_uuid}/used_by/

`GET` /rbac/permissions/roles/{id}/

`PUT` /rbac/permissions/roles/{id}/

`DELETE` /rbac/permissions/roles/{id}/

`PATCH` /rbac/permissions/roles/{id}/

`GET` /rbac/permissions/users/{id}/

`PUT` /rbac/permissions/users/{id}/

`DELETE` /rbac/permissions/users/{id}/

`PATCH` /rbac/permissions/users/{id}/

`GET` /sources/group_connections/oauth/

`POST` /sources/group_connections/oauth/

`GET` /sources/group_connections/oauth/{id}/

`PUT` /sources/group_connections/oauth/{id}/

`DELETE` /sources/group_connections/oauth/{id}/

`PATCH` /sources/group_connections/oauth/{id}/

`GET` /sources/group_connections/oauth/{id}/used_by/

`GET` /sources/group_connections/plex/

`POST` /sources/group_connections/plex/

`GET` /sources/group_connections/plex/{id}/

`PUT` /sources/group_connections/plex/{id}/

`DELETE` /sources/group_connections/plex/{id}/

`PATCH` /sources/group_connections/plex/{id}/

`GET` /sources/group_connections/plex/{id}/used_by/

`GET` /sources/group_connections/saml/

`GET` /sources/group_connections/saml/{id}/

`PUT` /sources/group_connections/saml/{id}/

`DELETE` /sources/group_connections/saml/{id}/

`PATCH` /sources/group_connections/saml/{id}/

`GET` /sources/group_connections/saml/{id}/used_by/

What's Deleted

`GET` /outposts/ldap/{id}/

`GET` /outposts/proxy/{id}/

`GET` /outposts/radius/{id}/

`GET` /propertymappings/ldap/

`POST` /propertymappings/ldap/

`GET` /propertymappings/ldap/{pm_uuid}/

`PUT` /propertymappings/ldap/{pm_uuid}/

`DELETE` /propertymappings/ldap/{pm_uuid}/

`PATCH` /propertymappings/ldap/{pm_uuid}/

`GET` /propertymappings/ldap/{pm_uuid}/used_by/

`GET` /propertymappings/rac/

`POST` /propertymappings/rac/

`GET` /propertymappings/rac/{pm_uuid}/

`PUT` /propertymappings/rac/{pm_uuid}/

`DELETE` /propertymappings/rac/{pm_uuid}/

`PATCH` /propertymappings/rac/{pm_uuid}/

`GET` /propertymappings/rac/{pm_uuid}/used_by/

`GET` /propertymappings/saml/

`POST` /propertymappings/saml/

`GET` /propertymappings/saml/{pm_uuid}/

`PUT` /propertymappings/saml/{pm_uuid}/

`DELETE` /propertymappings/saml/{pm_uuid}/

`PATCH` /propertymappings/saml/{pm_uuid}/

`GET` /propertymappings/saml/{pm_uuid}/used_by/

`GET` /propertymappings/scim/

`POST` /propertymappings/scim/

`GET` /propertymappings/scim/{pm_uuid}/

`PUT` /propertymappings/scim/{pm_uuid}/

`DELETE` /propertymappings/scim/{pm_uuid}/

`PATCH` /propertymappings/scim/{pm_uuid}/

`GET` /propertymappings/scim/{pm_uuid}/used_by/

`GET` /propertymappings/scope/

`POST` /propertymappings/scope/

`GET` /propertymappings/scope/{pm_uuid}/

`PUT` /propertymappings/scope/{pm_uuid}/

`DELETE` /propertymappings/scope/{pm_uuid}/

`PATCH` /propertymappings/scope/{pm_uuid}/

`GET` /propertymappings/scope/{pm_uuid}/used_by/

What's Changed

`GET` /admin/version/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- outpost_outdated
- Added property outpost_outdated (boolean)
  
  Check if any outpost is outdated/has a version mismatch

`GET` /authenticators/admin/all/

Return Type:

Changed response : 200 OK

Changed content type : application/json

Changed items (object): > Serializer for Duo authenticator devices

New required properties:
- created
- last_updated
- last_used
- Added property created (string)
- Added property last_updated (string)
- Added property last_used (string)

`GET` /authenticators/all/

Return Type:

Changed response : 200 OK

Changed content type : application/json

Changed items (object): > Serializer for Duo authenticator devices

New required properties:
- created
- last_updated
- last_used
- Added property created (string)
- Added property last_updated (string)
- Added property last_used (string)

`GET` /core/brands/{brand_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_application (string)
  
  When set, external users will be redirected to this application after authenticating.

`PUT` /core/brands/{brand_uuid}/

Request:

Changed content type : application/json

Added property default_application (string)

When set, external users will be redirected to this application after authenticating.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_application (string)
  
  When set, external users will be redirected to this application after authenticating.

`PATCH` /core/brands/{brand_uuid}/

Request:

Changed content type : application/json

Added property default_application (string)

When set, external users will be redirected to this application after authenticating.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property default_application (string)
  
  When set, external users will be redirected to this application after authenticating.

`GET` /enterprise/license/summary/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- license_flags
- status
New optional properties:
- has_license
- read_only
- show_admin_warning
- show_user_warning
- valid
- Added property status (string)
  
  Enum values:
  - unlicensed
  - valid
  - expired
  - expiry_soon
  - limit_exceeded_admin
  - limit_exceeded_user
  - read_only
- Added property license_flags (array)
  
  Items (string):
  
  Enum values:
  - trial
  - non_production
- Deleted property valid (boolean)
- Deleted property show_admin_warning (boolean)
- Deleted property show_user_warning (boolean)
- Deleted property read_only (boolean)
- Deleted property has_license (boolean)

`GET` /policies/event_matcher/{policy_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  
  Match events created by selected application. When left empty, all applications are matched.
  
  Added enum value:
  - authentik.policies.geoip
- Changed property model (string)
  
  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  
  Added enum values:
  - authentik_policies_geoip.geoippolicy
  - authentik_providers_radius.radiusproviderpropertymapping
  - authentik_sources_ldap.ldapsourcepropertymapping
  - authentik_sources_oauth.oauthsourcepropertymapping
  - authentik_sources_oauth.groupoauthsourceconnection
  - authentik_sources_plex.plexsourcepropertymapping
  - authentik_sources_plex.userplexsourceconnection
  - authentik_sources_plex.groupplexsourceconnection
  - authentik_sources_saml.samlsourcepropertymapping
  - authentik_sources_saml.groupsamlsourceconnection
  - authentik_sources_scim.scimsourcepropertymapping Removed enum values:
  - authentik_sources_ldap.ldappropertymapping
  - authentik_sources_plex.plexsourceconnection

`PUT` /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

Changed property app (string)

Match events created by selected application. When left empty, all applications are matched.

Added enum value:
- authentik.policies.geoip
Changed property model (string)

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  
  Match events created by selected application. When left empty, all applications are matched.
  
  Added enum value:
  - authentik.policies.geoip
- Changed property model (string)
  
  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  
  Added enum values:
  - authentik_policies_geoip.geoippolicy
  - authentik_providers_radius.radiusproviderpropertymapping
  - authentik_sources_ldap.ldapsourcepropertymapping
  - authentik_sources_oauth.oauthsourcepropertymapping
  - authentik_sources_oauth.groupoauthsourceconnection
  - authentik_sources_plex.plexsourcepropertymapping
  - authentik_sources_plex.userplexsourceconnection
  - authentik_sources_plex.groupplexsourceconnection
  - authentik_sources_saml.samlsourcepropertymapping
  - authentik_sources_saml.groupsamlsourceconnection
  - authentik_sources_scim.scimsourcepropertymapping Removed enum values:
  - authentik_sources_ldap.ldappropertymapping
  - authentik_sources_plex.plexsourceconnection

`PATCH` /policies/event_matcher/{policy_uuid}/

Request:

Changed content type : application/json

Changed property app (string)

Match events created by selected application. When left empty, all applications are matched.

Added enum value:
- authentik.policies.geoip
Changed property model (string)

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property app (string)
  
  Match events created by selected application. When left empty, all applications are matched.
  
  Added enum value:
  - authentik.policies.geoip
- Changed property model (string)
  
  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  
  Added enum values:
  - authentik_policies_geoip.geoippolicy
  - authentik_providers_radius.radiusproviderpropertymapping
  - authentik_sources_ldap.ldapsourcepropertymapping
  - authentik_sources_oauth.oauthsourcepropertymapping
  - authentik_sources_oauth.groupoauthsourceconnection
  - authentik_sources_plex.plexsourcepropertymapping
  - authentik_sources_plex.userplexsourceconnection
  - authentik_sources_plex.groupplexsourceconnection
  - authentik_sources_saml.samlsourcepropertymapping
  - authentik_sources_saml.groupsamlsourceconnection
  - authentik_sources_scim.scimsourcepropertymapping Removed enum values:
  - authentik_sources_ldap.ldappropertymapping
  - authentik_sources_plex.plexsourceconnection

`GET` /providers/google_workspace_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /providers/microsoft_entra_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /providers/scim_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /sources/scim_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`PUT` /sources/scim_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`PATCH` /sources/scim_groups/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`POST` /core/brands/

Request:

Changed content type : application/json

Added property default_application (string)

When set, external users will be redirected to this application after authenticating.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property default_application (string)
  
  When set, external users will be redirected to this application after authenticating.

`GET` /core/brands/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Brand Serializer
  - Added property default_application (string)
    
    When set, external users will be redirected to this application after authenticating.

`GET` /core/groups/{group_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property name (string)

`PUT` /core/groups/{group_uuid}/

Request:

Changed content type : application/json

Changed property name (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property name (string)

`PATCH` /core/groups/{group_uuid}/

Request:

Changed content type : application/json

Changed property name (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property name (string)

`GET` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`PUT` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`PATCH` /core/tokens/{identifier}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property groups_obj (array)
  
  Changed items (object): > Simplified Group Serializer for user's groups
  - Changed property name (string)

`PUT` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property groups_obj (array)
  
  Changed items (object): > Simplified Group Serializer for user's groups
  - Changed property name (string)

`PATCH` /core/users/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property groups_obj (array)
  
  Changed items (object): > Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)

`PUT` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)

`PATCH` /events/rules/{pbm_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)

`GET` /policies/bindings/{policy_binding_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`PUT` /policies/bindings/{policy_binding_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`PATCH` /policies/bindings/{policy_binding_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`POST` /policies/event_matcher/

Request:

Changed content type : application/json

Changed property app (string)

Match events created by selected application. When left empty, all applications are matched.

Added enum value:
- authentik.policies.geoip
Changed property model (string)

Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property app (string)
  
  Match events created by selected application. When left empty, all applications are matched.
  
  Added enum value:
  - authentik.policies.geoip
- Changed property model (string)
  
  Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
  
  Added enum values:
  - authentik_policies_geoip.geoippolicy
  - authentik_providers_radius.radiusproviderpropertymapping
  - authentik_sources_ldap.ldapsourcepropertymapping
  - authentik_sources_oauth.oauthsourcepropertymapping
  - authentik_sources_oauth.groupoauthsourceconnection
  - authentik_sources_plex.plexsourcepropertymapping
  - authentik_sources_plex.userplexsourceconnection
  - authentik_sources_plex.groupplexsourceconnection
  - authentik_sources_saml.samlsourcepropertymapping
  - authentik_sources_saml.groupsamlsourceconnection
  - authentik_sources_scim.scimsourcepropertymapping Removed enum values:
  - authentik_sources_ldap.ldappropertymapping
  - authentik_sources_plex.plexsourceconnection

`GET` /policies/event_matcher/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Event Matcher Policy Serializer
  - Changed property app (string)
    
    Match events created by selected application. When left empty, all applications are matched.
    
    Added enum value:
    - authentik.policies.geoip
  - Changed property model (string)
    
    Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched.
    
    Added enum values:
    - authentik_policies_geoip.geoippolicy
    - authentik_providers_radius.radiusproviderpropertymapping
    - authentik_sources_ldap.ldapsourcepropertymapping
    - authentik_sources_oauth.oauthsourcepropertymapping
    - authentik_sources_oauth.groupoauthsourceconnection
    - authentik_sources_plex.plexsourcepropertymapping
    - authentik_sources_plex.userplexsourceconnection
    - authentik_sources_plex.groupplexsourceconnection
    - authentik_sources_saml.samlsourcepropertymapping
    - authentik_sources_saml.groupsamlsourceconnection
    - authentik_sources_scim.scimsourcepropertymapping Removed enum values:
    - authentik_sources_ldap.ldappropertymapping
    - authentik_sources_plex.plexsourceconnection

`GET` /propertymappings/all/

Parameters:

Added: managed in query

Added: name in query

`POST` /providers/google_workspace_groups/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /providers/google_workspace_groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > GoogleWorkspaceProviderGroup Serializer
  - Changed property group_obj (object)
    
    Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /providers/ldap/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Deleted property search_group (string)
  
  Users in this group can do search queries. If not set, every user can execute search queries.

`PUT` /providers/ldap/{id}/

Request:

Changed content type : application/json

Deleted property search_group (string)

Users in this group can do search queries. If not set, every user can execute search queries.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Deleted property search_group (string)
  
  Users in this group can do search queries. If not set, every user can execute search queries.

`PATCH` /providers/ldap/{id}/

Request:

Changed content type : application/json

Deleted property search_group (string)

Users in this group can do search queries. If not set, every user can execute search queries.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Deleted property search_group (string)
  
  Users in this group can do search queries. If not set, every user can execute search queries.

`POST` /providers/microsoft_entra_groups/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /providers/microsoft_entra_groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > MicrosoftEntraProviderGroup Serializer
  - Changed property group_obj (object)
    
    Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /providers/saml/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
- Added property sign_assertion (boolean)
- Added property sign_response (boolean)

`PUT` /providers/saml/{id}/

Request:

Changed content type : application/json

Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
Added property sign_assertion (boolean)
Added property sign_response (boolean)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
- Added property sign_assertion (boolean)
- Added property sign_response (boolean)

`PATCH` /providers/saml/{id}/

Request:

Changed content type : application/json

Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
Added property sign_assertion (boolean)
Added property sign_response (boolean)

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
- Added property sign_assertion (boolean)
- Added property sign_response (boolean)

`POST` /providers/scim_groups/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /providers/scim_groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SCIMProviderGroup Serializer
  - Changed property group_obj (object)
    
    Simplified Group Serializer for user's groups
    - Changed property name (string)

`POST` /rbac/permissions/assigned_by_roles/{uuid}/assign/

Request:

Changed content type : application/json

Changed property model (string)

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

Return Type:

New response : 200 OK Deleted response : 204 No Content

Successfully assigned

`PATCH` /rbac/permissions/assigned_by_roles/{uuid}/unassign/

Request:

Changed content type : application/json

Changed property model (string)

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

`POST` /rbac/permissions/assigned_by_users/{id}/assign/

Request:

Changed content type : application/json

Changed property model (string)

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

Return Type:

New response : 200 OK Deleted response : 204 No Content

Successfully assigned

`PATCH` /rbac/permissions/assigned_by_users/{id}/unassign/

Request:

Changed content type : application/json

Changed property model (string)

Added enum values:
- authentik_policies_geoip.geoippolicy
- authentik_providers_radius.radiusproviderpropertymapping
- authentik_sources_ldap.ldapsourcepropertymapping
- authentik_sources_oauth.oauthsourcepropertymapping
- authentik_sources_oauth.groupoauthsourceconnection
- authentik_sources_plex.plexsourcepropertymapping
- authentik_sources_plex.userplexsourceconnection
- authentik_sources_plex.groupplexsourceconnection
- authentik_sources_saml.samlsourcepropertymapping
- authentik_sources_saml.groupsamlsourceconnection
- authentik_sources_scim.scimsourcepropertymapping Removed enum values:
- authentik_sources_ldap.ldappropertymapping
- authentik_sources_plex.plexsourceconnection

`GET` /rbac/permissions/roles/

Parameters:

Changed: uuid in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > User permission with additional object-related data
  - Changed property object_pk (string)

`GET` /rbac/permissions/users/

Parameters:

Changed: user_id in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > User permission with additional object-related data
  - Changed property object_pk (string)

`GET` /sources/all/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
  
  Items (string):
- Added property group_property_mappings (array)

`GET` /sources/ldap/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property property_mappings (array)
- Deleted property property_mappings_group (array)
  
  Property mappings used for group creation/updating.

`PUT` /sources/ldap/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property property_mappings (array)
Deleted property property_mappings_group (array)

Property mappings used for group creation/updating.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property property_mappings (array)
- Deleted property property_mappings_group (array)
  
  Property mappings used for group creation/updating.

`PATCH` /sources/ldap/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property property_mappings (array)
Deleted property property_mappings_group (array)

Property mappings used for group creation/updating.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property property_mappings (array)
- Deleted property property_mappings_group (array)
  
  Property mappings used for group creation/updating.

`GET` /sources/oauth/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.
  
  Enum values:
  - identifier
  - name_link
  - name_deny

`PUT` /sources/oauth/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`PATCH` /sources/oauth/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`GET` /sources/plex/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`PUT` /sources/plex/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`PATCH` /sources/plex/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`GET` /sources/saml/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

`PUT` /sources/saml/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.
Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

`PATCH` /sources/saml/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.
Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

`GET` /sources/scim/{slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property user_matching_mode (object)
  
  How the source determines if an existing user should be authenticated or a new user enrolled.
- Changed property token_obj (object)
  
  Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`PUT` /sources/scim/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property user_matching_mode (object)

How the source determines if an existing user should be authenticated or a new user enrolled.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property user_matching_mode (object)
  
  How the source determines if an existing user should be authenticated or a new user enrolled.
- Changed property token_obj (object)
  
  Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`PATCH` /sources/scim/{slug}/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property user_matching_mode (object)

How the source determines if an existing user should be authenticated or a new user enrolled.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property user_matching_mode (object)
  
  How the source determines if an existing user should be authenticated or a new user enrolled.
- Changed property token_obj (object)
  
  Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`POST` /sources/scim_groups/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /sources/scim_groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SCIMSourceGroup Serializer
  - Changed property group_obj (object)
    
    Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /sources/user_connections/all/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PUT` /sources/user_connections/all/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PATCH` /sources/user_connections/all/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/oauth/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PUT` /sources/user_connections/oauth/{id}/

Request:

Changed content type : application/json

New optional properties:

user

Deleted property user (integer)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PATCH` /sources/user_connections/oauth/{id}/

Request:

Changed content type : application/json

Deleted property user (integer)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/plex/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
New optional properties:
- plex_token
- Added property created (string)
- Deleted property plex_token (string)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PUT` /sources/user_connections/plex/{id}/

Request:

Changed content type : application/json

Changed property plex_token (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
New optional properties:
- plex_token
- Added property created (string)
- Deleted property plex_token (string)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PATCH` /sources/user_connections/plex/{id}/

Request:

Changed content type : application/json

Changed property plex_token (string)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
New optional properties:
- plex_token
- Added property created (string)
- Deleted property plex_token (string)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/saml/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PUT` /sources/user_connections/saml/{id}/

Request:

Changed content type : application/json

New optional properties:

user

Deleted property user (integer)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`PATCH` /sources/user_connections/saml/{id}/

Request:

Changed content type : application/json

Deleted property user (integer)

Return Type:

Changed response : 200 OK

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /core/applications/

Parameters:

Added: only_with_launch_url in query

`POST` /core/groups/

Request:

Changed content type : application/json

Changed property name (string)

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property name (string)

`GET` /core/groups/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Group Serializer
  - Changed property name (string)

`POST` /core/tokens/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /core/tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`GET` /core/user_consent/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`POST` /core/users/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property groups_obj (array)
  
  Changed items (object): > Simplified Group Serializer for user's groups
  - Changed property name (string)

`GET` /core/users/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`POST` /events/rules/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)

`GET` /events/rules/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > NotificationRule Serializer
  - Changed property group_obj (object)
    
    Group Serializer
    - Changed property name (string)

`GET` /oauth2/access_tokens/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /oauth2/authorization_codes/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /oauth2/refresh_tokens/{id}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property user (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /outposts/ldap/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > LDAPProvider Serializer
  - Deleted property search_group (string)
    
    Users in this group can do search queries. If not set, every user can execute search queries.

`POST` /policies/bindings/

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property group_obj (object)
  
  Group Serializer
  - Changed property name (string)
- Changed property user_obj (object)
  
  User Serializer
  - Changed property groups_obj (array)
    
    Changed items (object): > Simplified Group Serializer for user's groups
    - Changed property name (string)

`GET` /policies/bindings/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > PolicyBinding Serializer
  - Changed property group_obj (object)
    
    Group Serializer
    - Changed property name (string)
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`POST` /providers/ldap/

Request:

Changed content type : application/json

Deleted property search_group (string)

Users in this group can do search queries. If not set, every user can execute search queries.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Deleted property search_group (string)
  
  Users in this group can do search queries. If not set, every user can execute search queries.

`GET` /providers/ldap/

Parameters:

Deleted: search_group__group_uuid__iexact in query

Deleted: search_group__name__iexact in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > LDAPProvider Serializer
  - Deleted property search_group (string)
    
    Users in this group can do search queries. If not set, every user can execute search queries.

`POST` /providers/saml/

Request:

Changed content type : application/json

Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
Added property sign_assertion (boolean)
Added property sign_response (boolean)

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
- Added property sign_assertion (boolean)
- Added property sign_response (boolean)

`GET` /providers/saml/

Parameters:

Added: encryption_kp in query

Added: sign_assertion in query

Added: sign_response in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SAMLProvider Serializer
  - Added property encryption_kp (string)
    
    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
  - Added property sign_assertion (boolean)
  - Added property sign_response (boolean)

`GET` /rbac/permissions/assigned_by_roles/

Parameters:

Changed: model in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Roles assigned object permission serializer
  - Changed property permissions (array)
    
    Changed items (object): > Role-bound object level permission
    - Changed property object_pk (string)

`GET` /rbac/permissions/assigned_by_users/

Parameters:

Changed: model in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Users assigned object permission serializer
  - Changed property permissions (array)
    
    Changed items (object): > User-bound object level permission
    - Changed property object_pk (string)

`GET` /sources/all/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`POST` /sources/ldap/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property property_mappings (array)
Deleted property property_mappings_group (array)

Property mappings used for group creation/updating.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property property_mappings (array)
- Deleted property property_mappings_group (array)
  
  Property mappings used for group creation/updating.

`GET` /sources/ldap/

Parameters:

Added: group_property_mappings in query

Added: user_property_mappings in query

Deleted: property_mappings in query

Deleted: property_mappings_group in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > LDAP Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)
  - Deleted property property_mappings (array)
  - Deleted property property_mappings_group (array)
    
    Property mappings used for group creation/updating.

`POST` /sources/oauth/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`GET` /sources/oauth/

Parameters:

Added: group_matching_mode in query

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > OAuth Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)
  - Added property group_matching_mode (object)
    
    How the source determines if an existing group should be used or a new group created.

`POST` /sources/plex/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.

`GET` /sources/plex/

Parameters:

Added: group_matching_mode in query

How the source determines if an existing group should be used or a new group created.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Plex Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)
  - Added property group_matching_mode (object)
    
    How the source determines if an existing group should be used or a new group created.

`POST` /sources/plex/redeem_token/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New optional properties:
- type
- Deleted property type (object)

`POST` /sources/saml/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Added property group_matching_mode (object)

How the source determines if an existing group should be used or a new group created.
Added property encryption_kp (string)

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Added property group_matching_mode (object)
  
  How the source determines if an existing group should be used or a new group created.
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

`GET` /sources/saml/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SAMLSource Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)
  - Added property group_matching_mode (object)
    
    How the source determines if an existing group should be used or a new group created.
  - Added property encryption_kp (string)
    
    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.

`POST` /sources/scim/

Request:

Changed content type : application/json

Added property user_property_mappings (array)
Added property group_property_mappings (array)
Deleted property user_matching_mode (object)

How the source determines if an existing user should be authenticated or a new user enrolled.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property user_property_mappings (array)
- Added property group_property_mappings (array)
- Deleted property user_matching_mode (object)
  
  How the source determines if an existing user should be authenticated or a new user enrolled.
- Changed property token_obj (object)
  
  Token Serializer
  - Changed property user_obj (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`GET` /sources/scim/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SCIMSource Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)
  - Deleted property user_matching_mode (object)
    
    How the source determines if an existing user should be authenticated or a new user enrolled.
  - Changed property token_obj (object)
    
    Token Serializer
    - Changed property user_obj (object)
      
      User Serializer
      - Changed property groups_obj (array)
        
        Changed items (object): > Simplified Group Serializer for user's groups
        
        Changed property name (string)

`GET` /sources/user_connections/all/

Parameters:

Added: source__slug in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > OAuth Source Serializer
  - Changed property source (object)
    
    Source Serializer
    - Added property user_property_mappings (array)
    - Added property group_property_mappings (array)

`POST` /sources/user_connections/oauth/

Request:

Changed content type : application/json

New optional properties:

user

Deleted property user (integer)

Return Type:

Changed response : 201 Created

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/oauth/

Parameters:

Added: user in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > OAuth Source Serializer
  
  New required properties:
  - created
  - Added property created (string)
  - Changed property user (integer)
  - Changed property source (object)
    
    Source Serializer
    - Added property user_property_mappings (array)
    - Added property group_property_mappings (array)

`POST` /sources/user_connections/plex/

Request:

Changed content type : application/json

Changed property plex_token (string)

Return Type:

Changed response : 201 Created

Changed content type : application/json

New required properties:
- created
New optional properties:
- plex_token
- Added property created (string)
- Deleted property plex_token (string)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/plex/

Parameters:

Added: user in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Plex Source connection Serializer
  
  New required properties:
  - created
  New optional properties:
  - plex_token
  - Added property created (string)
  - Deleted property plex_token (string)
  - Changed property source (object)
    
    Source Serializer
    - Added property user_property_mappings (array)
    - Added property group_property_mappings (array)

`POST` /sources/user_connections/saml/

Request:

Changed content type : application/json

New optional properties:

user

Deleted property user (integer)

Return Type:

Changed response : 201 Created

Changed content type : application/json

New required properties:
- created
- Added property created (string)
- Changed property user (integer)
- Changed property source (object)
  
  Source Serializer
  - Added property user_property_mappings (array)
  - Added property group_property_mappings (array)

`GET` /sources/user_connections/saml/

Parameters:

Added: user in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > SAML Source Serializer
  
  New required properties:
  - created
  - Added property created (string)
  - Changed property user (integer)
  - Changed property source (object)
    
    Source Serializer
    - Added property user_property_mappings (array)
    - Added property group_property_mappings (array)

`GET` /stages/identification/{stage_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property password_stage (string)
  
  When set, shows a password field, instead of showing the password field as separate step.

`PUT` /stages/identification/{stage_uuid}/

Request:

Changed content type : application/json

Changed property password_stage (string)

When set, shows a password field, instead of showing the password field as separate step.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property password_stage (string)
  
  When set, shows a password field, instead of showing the password field as separate step.

`PATCH` /stages/identification/{stage_uuid}/

Request:

Changed content type : application/json

Changed property password_stage (string)

When set, shows a password field, instead of showing the password field as separate step.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property password_stage (string)
  
  When set, shows a password field, instead of showing the password field as separate step.

`GET` /stages/password/{stage_uuid}/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property allow_show_password (boolean)
  
  When enabled, provides a 'show password' button with the password input field.

`PUT` /stages/password/{stage_uuid}/

Request:

Changed content type : application/json

Added property allow_show_password (boolean)

When enabled, provides a 'show password' button with the password input field.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property allow_show_password (boolean)
  
  When enabled, provides a 'show password' button with the password input field.

`PATCH` /stages/password/{stage_uuid}/

Request:

Changed content type : application/json

Added property allow_show_password (boolean)

When enabled, provides a 'show password' button with the password input field.

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Added property allow_show_password (boolean)
  
  When enabled, provides a 'show password' button with the password input field.

`PUT` /core/transactional/applications/

Request:

Changed content type : application/json

Changed property provider (object)

Updated authentik_providers_saml.samlprovider provider_model:
- Added property encryption_kp (string)
  
  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the private key.
- Added property sign_assertion (boolean)
- Added property sign_response (boolean)
Updated authentik_providers_ldap.ldapprovider provider_model:
- Deleted property search_group (string)
  
  Users in this group can do search queries. If not set, every user can execute search queries.

`GET` /core/user_consent/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > UserConsent Serializer
  - Changed property user (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`GET` /flows/executor/{flow_slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

Updated ak-stage-flow-error component:
- Deleted property type (string)
Updated ak-stage-authenticator-totp component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-captcha component: New optional properties:
- type
- Deleted property type (object)
Updated ak-source-oauth-apple component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-user-login component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-access-denied component: New optional properties:
- type
- Deleted property type (object)
Updated ak-source-plex component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-duo component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-password component: New optional properties:
- type
- Added property allow_show_password (boolean)
- Deleted property type (object)
Updated ak-stage-authenticator-static component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-autosubmit component: New optional properties:
- type
- Deleted property type (object)
Updated xak-flow-shell component: New optional properties:
- type
- Deleted property type (object)
Updated ak-provider-oauth2-device-code-finish component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-sms component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-email component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-webauthn component: New optional properties:
- type
- Deleted property type (object)
Updated xak-flow-redirect component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-dummy component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-validate component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-consent component: New optional properties:
- type
- Deleted property type (object)
Updated ak-provider-oauth2-device-code component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-prompt component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-identification component: New optional properties:
- type
- Added property allow_show_password (boolean)
- Deleted property type (object)

`POST` /flows/executor/{flow_slug}/

Return Type:

Changed response : 200 OK

Changed content type : application/json

Updated ak-stage-flow-error component:
- Deleted property type (string)
Updated ak-stage-authenticator-totp component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-captcha component: New optional properties:
- type
- Deleted property type (object)
Updated ak-source-oauth-apple component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-user-login component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-access-denied component: New optional properties:
- type
- Deleted property type (object)
Updated ak-source-plex component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-duo component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-password component: New optional properties:
- type
- Added property allow_show_password (boolean)
- Deleted property type (object)
Updated ak-stage-authenticator-static component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-autosubmit component: New optional properties:
- type
- Deleted property type (object)
Updated xak-flow-shell component: New optional properties:
- type
- Deleted property type (object)
Updated ak-provider-oauth2-device-code-finish component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-sms component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-email component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-webauthn component: New optional properties:
- type
- Deleted property type (object)
Updated xak-flow-redirect component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-dummy component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-authenticator-validate component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-consent component: New optional properties:
- type
- Deleted property type (object)
Updated ak-provider-oauth2-device-code component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-prompt component: New optional properties:
- type
- Deleted property type (object)
Updated ak-stage-identification component: New optional properties:
- type
- Added property allow_show_password (boolean)
- Deleted property type (object)

`GET` /oauth2/access_tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and RefreshToken
  - Changed property user (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`GET` /oauth2/authorization_codes/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
  - Changed property user (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`GET` /oauth2/refresh_tokens/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > Serializer for BaseGrantModel and RefreshToken
  - Changed property user (object)
    
    User Serializer
    - Changed property groups_obj (array)
      
      Changed items (object): > Simplified Group Serializer for user's groups
      - Changed property name (string)

`POST` /stages/identification/

Request:

Changed content type : application/json

Changed property password_stage (string)

When set, shows a password field, instead of showing the password field as separate step.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Changed property password_stage (string)
  
  When set, shows a password field, instead of showing the password field as separate step.

`GET` /stages/identification/

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > IdentificationStage Serializer
  - Changed property password_stage (string)
    
    When set, shows a password field, instead of showing the password field as separate step.

`POST` /stages/password/

Request:

Changed content type : application/json

Added property allow_show_password (boolean)

When enabled, provides a 'show password' button with the password input field.

Return Type:

Changed response : 201 Created

Changed content type : application/json
- Added property allow_show_password (boolean)
  
  When enabled, provides a 'show password' button with the password input field.

`GET` /stages/password/

Parameters:

Added: allow_show_password in query

Return Type:

Changed response : 200 OK

Changed content type : application/json
- Changed property results (array)
  
  Changed items (object): > PasswordStage Serializer
  - Added property allow_show_password (boolean)
    
    When enabled, provides a 'show password' button with the password input field.

`POST` /stages/prompt/prompts/preview/

Return Type:

Changed response : 200 OK

Changed content type : application/json

New optional properties:
- type
- Deleted property type (object)

Highlights

Breaking changes

Manual action is required

Manual action may be required

New features

Upgrading

Docker Compose

Kubernetes

Minor changes/fixes

Fixed in 2024.8.1

Fixed in 2024.8.2

Fixed in 2024.8.3

Fixed in 2024.8.4

Fixed in 2024.8.5

Fixed in 2024.8.6

API Changes

What's New

GET /outposts/ldap/{id}/check_access/

GET /outposts/radius/{id}/check_access/

GET /policies/geoip/

POST /policies/geoip/

GET /policies/geoip/{policy_uuid}/

PUT /policies/geoip/{policy_uuid}/

DELETE /policies/geoip/{policy_uuid}/

PATCH /policies/geoip/{policy_uuid}/

GET /policies/geoip/{policy_uuid}/used_by/

GET /policies/geoip_iso3166/

GET /propertymappings/provider/rac/

POST /propertymappings/provider/rac/

GET /propertymappings/provider/rac/{pm_uuid}/

PUT /propertymappings/provider/rac/{pm_uuid}/

DELETE /propertymappings/provider/rac/{pm_uuid}/

PATCH /propertymappings/provider/rac/{pm_uuid}/

GET /propertymappings/provider/rac/{pm_uuid}/used_by/

GET /propertymappings/provider/radius/

POST /propertymappings/provider/radius/

GET /propertymappings/provider/radius/{pm_uuid}/

PUT /propertymappings/provider/radius/{pm_uuid}/

DELETE /propertymappings/provider/radius/{pm_uuid}/

PATCH /propertymappings/provider/radius/{pm_uuid}/

GET /propertymappings/provider/radius/{pm_uuid}/used_by/

GET /propertymappings/provider/saml/

POST /propertymappings/provider/saml/

GET /propertymappings/provider/saml/{pm_uuid}/

PUT /propertymappings/provider/saml/{pm_uuid}/

DELETE /propertymappings/provider/saml/{pm_uuid}/

PATCH /propertymappings/provider/saml/{pm_uuid}/

GET /propertymappings/provider/saml/{pm_uuid}/used_by/

GET /propertymappings/provider/scim/

POST /propertymappings/provider/scim/

GET /propertymappings/provider/scim/{pm_uuid}/

PUT /propertymappings/provider/scim/{pm_uuid}/

DELETE /propertymappings/provider/scim/{pm_uuid}/

PATCH /propertymappings/provider/scim/{pm_uuid}/

GET /propertymappings/provider/scim/{pm_uuid}/used_by/

GET /propertymappings/provider/scope/

POST /propertymappings/provider/scope/

GET /propertymappings/provider/scope/{pm_uuid}/

PUT /propertymappings/provider/scope/{pm_uuid}/

DELETE /propertymappings/provider/scope/{pm_uuid}/

PATCH /propertymappings/provider/scope/{pm_uuid}/

GET /propertymappings/provider/scope/{pm_uuid}/used_by/

GET /propertymappings/source/ldap/

POST /propertymappings/source/ldap/

GET /propertymappings/source/ldap/{pm_uuid}/

PUT /propertymappings/source/ldap/{pm_uuid}/

DELETE /propertymappings/source/ldap/{pm_uuid}/

PATCH /propertymappings/source/ldap/{pm_uuid}/

GET /propertymappings/source/ldap/{pm_uuid}/used_by/

GET /propertymappings/source/oauth/

POST /propertymappings/source/oauth/

GET /propertymappings/source/oauth/{pm_uuid}/

PUT /propertymappings/source/oauth/{pm_uuid}/

DELETE /propertymappings/source/oauth/{pm_uuid}/

PATCH /propertymappings/source/oauth/{pm_uuid}/

GET /propertymappings/source/oauth/{pm_uuid}/used_by/

GET /propertymappings/source/plex/

POST /propertymappings/source/plex/

GET /propertymappings/source/plex/{pm_uuid}/

`GET` /outposts/ldap/{id}/check_access/

`GET` /outposts/radius/{id}/check_access/

`GET` /policies/geoip/

`POST` /policies/geoip/

`GET` /policies/geoip/{policy_uuid}/

`PUT` /policies/geoip/{policy_uuid}/

`DELETE` /policies/geoip/{policy_uuid}/

`PATCH` /policies/geoip/{policy_uuid}/

`GET` /policies/geoip/{policy_uuid}/used_by/

`GET` /policies/geoip_iso3166/

`GET` /propertymappings/provider/rac/

`POST` /propertymappings/provider/rac/

`GET` /propertymappings/provider/rac/{pm_uuid}/

`PUT` /propertymappings/provider/rac/{pm_uuid}/

`DELETE` /propertymappings/provider/rac/{pm_uuid}/

`PATCH` /propertymappings/provider/rac/{pm_uuid}/

`GET` /propertymappings/provider/rac/{pm_uuid}/used_by/

`GET` /propertymappings/provider/radius/

`POST` /propertymappings/provider/radius/

`GET` /propertymappings/provider/radius/{pm_uuid}/

`PUT` /propertymappings/provider/radius/{pm_uuid}/

`DELETE` /propertymappings/provider/radius/{pm_uuid}/

`PATCH` /propertymappings/provider/radius/{pm_uuid}/

`GET` /propertymappings/provider/radius/{pm_uuid}/used_by/

`GET` /propertymappings/provider/saml/

`POST` /propertymappings/provider/saml/

`GET` /propertymappings/provider/saml/{pm_uuid}/

`PUT` /propertymappings/provider/saml/{pm_uuid}/

`DELETE` /propertymappings/provider/saml/{pm_uuid}/

`PATCH` /propertymappings/provider/saml/{pm_uuid}/

`GET` /propertymappings/provider/saml/{pm_uuid}/used_by/

`GET` /propertymappings/provider/scim/

`POST` /propertymappings/provider/scim/

`GET` /propertymappings/provider/scim/{pm_uuid}/

`PUT` /propertymappings/provider/scim/{pm_uuid}/

`DELETE` /propertymappings/provider/scim/{pm_uuid}/

`PATCH` /propertymappings/provider/scim/{pm_uuid}/

`GET` /propertymappings/provider/scim/{pm_uuid}/used_by/

`GET` /propertymappings/provider/scope/

`POST` /propertymappings/provider/scope/

`GET` /propertymappings/provider/scope/{pm_uuid}/

`PUT` /propertymappings/provider/scope/{pm_uuid}/

`DELETE` /propertymappings/provider/scope/{pm_uuid}/

`PATCH` /propertymappings/provider/scope/{pm_uuid}/

`GET` /propertymappings/provider/scope/{pm_uuid}/used_by/

`GET` /propertymappings/source/ldap/

`POST` /propertymappings/source/ldap/

`GET` /propertymappings/source/ldap/{pm_uuid}/

`PUT` /propertymappings/source/ldap/{pm_uuid}/

`DELETE` /propertymappings/source/ldap/{pm_uuid}/

`PATCH` /propertymappings/source/ldap/{pm_uuid}/

`GET` /propertymappings/source/ldap/{pm_uuid}/used_by/

`GET` /propertymappings/source/oauth/

`POST` /propertymappings/source/oauth/

`GET` /propertymappings/source/oauth/{pm_uuid}/

`PUT` /propertymappings/source/oauth/{pm_uuid}/

`DELETE` /propertymappings/source/oauth/{pm_uuid}/

`PATCH` /propertymappings/source/oauth/{pm_uuid}/

`GET` /propertymappings/source/oauth/{pm_uuid}/used_by/

`GET` /propertymappings/source/plex/

`POST` /propertymappings/source/plex/

`GET` /propertymappings/source/plex/{pm_uuid}/

`PUT` /propertymappings/source/plex/{pm_uuid}/

`DELETE` /propertymappings/source/plex/{pm_uuid}/

`PATCH` /propertymappings/source/plex/{pm_uuid}/

`GET` /propertymappings/source/plex/{pm_uuid}/used_by/

`GET` /propertymappings/source/saml/

`POST` /propertymappings/source/saml/

`GET` /propertymappings/source/saml/{pm_uuid}/

`PUT` /propertymappings/source/saml/{pm_uuid}/

`DELETE` /propertymappings/source/saml/{pm_uuid}/

`PATCH` /propertymappings/source/saml/{pm_uuid}/

`GET` /propertymappings/source/saml/{pm_uuid}/used_by/

`GET` /propertymappings/source/scim/

`POST` /propertymappings/source/scim/

`GET` /propertymappings/source/scim/{pm_uuid}/

`PUT` /propertymappings/source/scim/{pm_uuid}/

`DELETE` /propertymappings/source/scim/{pm_uuid}/

`PATCH` /propertymappings/source/scim/{pm_uuid}/

`GET` /propertymappings/source/scim/{pm_uuid}/used_by/