website/docs: Add steps to set up group devices by PeshekDotDev · Pull Request #20735 · goauthentik/authentik

PeshekDotDev · 2026-03-05T08:27:01Z

Details

REPLACE ME

Checklist

Local tests pass (ak test authentik/)
The code has been formatted (make lint-fix)

If an API change has been made

The API schema has been updated (make gen-build)

If changes to the frontend have been made

The code has been formatted (make web)

If applicable

The documentation has been updated
The documentation has been formatted (make docs)

netlify · 2026-03-05T08:28:17Z

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	`d8bf744`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/69a93f05b8ef760008632f52
😎 Deploy Preview	https://deploy-preview-20735--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify · 2026-03-05T08:28:59Z

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	`29afcd6`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/69af0d6367bcbd00088948a1
😎 Deploy Preview	https://deploy-preview-20735--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify · 2026-03-05T08:29:29Z

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	`29afcd6`
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/69af0d63d8db320008dbfea9
😎 Deploy Preview	https://deploy-preview-20735--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

codecov · 2026-03-05T08:37:29Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.44%. Comparing base (ce1237e) to head (29afcd6).
⚠️ Report is 45 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #20735      +/-   ##
==========================================
+ Coverage   93.39%   93.44%   +0.05%     
==========================================
  Files         983      992       +9     
  Lines       55477    55876     +399     
==========================================
+ Hits        51813    52214     +401     
+ Misses       3664     3662       -2

Flag	Coverage Δ
conformance	`37.59% <ø> (-0.10%)`	⬇️
e2e	`43.12% <ø> (-0.15%)`	⬇️
integration	`22.32% <ø> (-0.12%)`	⬇️
unit	`91.60% <ø> (+0.06%)`	⬆️
unit-migrate	`91.69% <ø> (+0.06%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-actions · 2026-03-05T09:04:31Z

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-29afcd61bb4dce2171881a4d3b496db1ca64eb3f
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-29afcd61bb4dce2171881a4d3b496db1ca64eb3f

Afterwards, run the upgrade commands from the latest release notes.

website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md

...te/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/windows.md

website/docs/endpoint-devices/authentik-agent/device-authentication/device-access-groups.mdx

tanberry

A few nits... approving now to not hold you up. Thanks @PeshekDotDev

BeryJu · 2026-03-07T14:29:56Z

website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md


+## Configure device access
+
+Local device login requires that the authenticating user is authorized to access the device. Access is controlled via [device access groups](../device-access-groups.mdx). If no device access group is configured with the appropriate bindings, **all login attempts will be silently denied**.


Device access groups always apply, on enterprise also direct device bindings affect this

BeryJu · 2026-03-07T14:30:28Z

...te/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/windows.md

+
+## Configure device access
+
+Local device login requires that the authenticating user is authorized to access the device. Access is controlled via [device access groups](../device-access-groups.mdx). If no device access group is configured with the appropriate bindings, **all login attempts will be silently denied**.


same as above, and "silently denied" is not correct, the end user will get an access denied screen.

Where does the screen occur? When I tried logging in from Linux, it silently moved onto the local password step and didn't inform me of access denied, whether I used terminal to switch users or UI to log in

…ation/device-access-groups.mdx Co-authored-by: Tana M Berry <[email protected]> Signed-off-by: Connor Peshek <[email protected]>

…ation/local-device-login/linux.md Co-authored-by: Tana M Berry <[email protected]> Signed-off-by: Connor Peshek <[email protected]>

…ation/local-device-login/windows.md Co-authored-by: Tana M Berry <[email protected]> Signed-off-by: Connor Peshek <[email protected]>

PeshekDotDev · 2026-03-09T19:30:09Z

Issue created for linux to add ACCESS DENIED on fail goauthentik/platform#715

* main: core: allow interfaces to specify alternative stylesheets (#20774) website/docs: update agent docs (#20782) core, web: update translations (#20809) lifecycle/aws: bump aws-cdk from 2.1109.0 to 2.1110.0 in /lifecycle/aws (#20810) core: bump axllent/mailpit from v1.29.2 to v1.29.3 in /tests/e2e (#20811) core: bump cachetools from 7.0.4 to 7.0.5 (#20812) core: bump goauthentik/fips-python from `b481db2` to `3636935` in /lifecycle/container (#20814) core: bump goauthentik/fips-debian from `6c9197b` to `0975985` in /lifecycle/container (#20815) web: bump the storybook group across 1 directory with 5 updates (#20816) web: bump cspell from 9.6.4 to 9.7.0 (#20817) web: bump @formatjs/intl-listformat from 8.2.1 to 8.2.2 in /web (#20818) web: bump mermaid from 11.12.3 to 11.13.0 in /web (#20819) web: bump @types/node from 25.3.5 to 25.4.0 in /web (#20820) endpoints/connectors/agent: cleanup leftover (#20808) endpoints: prevent selection of incompatible connector (#20806) website/docs: Add steps to set up group devices (#20735) web/rbac: disambiguate duplicate permission names in initial permissions (#20786)

website/docs: Add device group steps

d8bf744

PeshekDotDev force-pushed the group-docs branch from ad02d25 to d8bf744 Compare March 5, 2026 08:29

Add windows and local device pages updates

8b65828

PeshekDotDev marked this pull request as ready for review March 5, 2026 19:12

PeshekDotDev requested a review from a team as a code owner March 5, 2026 19:12

PeshekDotDev self-assigned this Mar 5, 2026

PeshekDotDev added this to authentik Core Mar 5, 2026

github-project-automation bot moved this to Todo in authentik Core Mar 5, 2026