feat: add ability to provision entra login sources using blueprints

2026-01-14 15:35:18 +01:00 · 2026-01-14 15:35:18 +01:00 · 359622d17a
commit 359622d17a
parent 0106e8801f
4 changed files with 100 additions and 1 deletions
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -73,4 +73,28 @@ authentik_oidc_apps: []

 authentik_blueprint_env: []
 # GRAFANA_OIDC_CLIENT_ID: "grafana"
-# GRAFANA_OIDC_CLIENT_SECRET: "{{ vault_grafana_oidc_secret }}"
+# GRAFANA_OIDC_CLIENT_SECRET: "{{ vault_grafana_oidc_secret }}"
+# ENTRA_TENANT_ID: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+# ENTRA_CLIENT_ID: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+# ENTRA_CLIENT_SECRET: "{{ vault_entra_client_secret }}"
+
+# Oauth sources
+authentik_entra_sources: []
+#  - slug: entra-id
+#    name: "Login with Entra"
+#    tenant_mode: single  # single | common
+#    tenant_id_env: ENTRA_TENANT_ID
+#    client_id_env: ENTRA_CLIENT_ID
+#    client_secret_env: ENTRA_CLIENT_SECRET
+#    scopes:
+#      - openid
+#      - profile
+#      - email
+#      # add only if you really need group sync on login:
+#      # - https://graph.microsoft.com/GroupMember.Read.All
+
+
+# Show Entra on login screen:
+authentik_login_source_ids: []
+# - "source-entra-entra-id"
+authentik_identification_stage_name: default-authentication-identification