website/integrations/platforms/stripe/index.mdx
Stripe is a financial infrastructure platform that enables businesses to accept online and in-person payments, embed financial services, and build custom revenue models.
The following placeholders are used in this guide:
authentik.company is the FQDN of the authentik installation.:::info This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. :::
To support the integration of Stripe with authentik, you need to create a group, a property mapping, and an application/provider pair in authentik.
Stripe Admins).stripe_role: admin. Other account types are also supported, see the Stripe SSO DocumentationLog in to authentik as an administrator and open the authentik Admin interface.
Navigate to Customization > Property Mappings and click Create. Then, create a SAML Provider Property Mapping using the following settings:
Stripe RoleStripe-Role-<stripe-account-id> Can be found herereturn request.user.group_attributes().get("stripe_role", "")
:::info
To find your Stripe account ID, log in to your Stripe dashboard and navigate to Settings > Account > Account details. You'll find your account ID, which starts with acct_, displayed on the right-hand side.
:::
Log in to authentik as an administrator and open the authentik Admin interface.
Navigate to Applications > Applications and click Create with Provider to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
Choose a Provider type: select SAML Provider as the provider type.
Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
https://dashboard.stripe.com/login/saml/consume.https://dashboard.stripe.com/saml/metadata.Post.Stripe Role property mapping to Selected User Property Mappings.authentik default SAML Mapping: Email.Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's My applications page.
Click Submit to save the new application and provider.
Provider for Stripe).Certificate file and it will be required in the next section.Log in to the Stripe administrator user authentication page as an administrator.
Click on the Settings cogwheel, and navigate to Team and security > Single sign-on (SSO).
Click Add domain, then input the domain that SSO users will use. For more information, see the Stripe Proving Domain Ownership documentation.
Once your domain is verified, click on the 3 dots next to the domain name, and click Manage SSO Settings.
Enter the following settings:
https://auth.domain.com/application/saml/stripe/sso/binding/redirect/authentikClick Continue.
Enter the email address of an authentik user designated for testing the SSO configuration and click Continue. Ensure that the user belongs to the appropriate authentik group. After logging in on authentik, you will be redirected back to Stripe.
If the test is successful, click Continue. Otherwise, verify your configuration and try again.
Choose the SSO Enforcement setting. Selecting Required mandates that users use authentik to log in, whereas Optional allows users to choose between authentik and the standard Stripe login.
Click Save.
To verify that authentik is properly integrated with Stripe, first sign out of your account. Then, navigate to the Stripe dashboard login page and then click Sign in with SSO. Enter an email address that’s provisioned for SSO, and click Continue with SSO. You will then be redirected to authentik for authentication before being sent back to the Stripe dashboard.