Skip to content

Authentik Integration

This section explains how to add Authentik as a middleware through Traefik so that you can secure the ConfigServer WebUI behind an authentication server.


If you are adding Authentik as middleware in the steps above; the last thing you must do is log in to your Authentik admin panel and add a new Provider so that we can access the CSF WebUI via your domain.


Once you sign into the Authentik admin panel, go to the left-side navigation, select Applications -> Providers. Then at the top of the new page, click Create.



For the provider, select Proxy Provider.



Add the following provider values:

  • Name: CSF ForwardAuth
  • Authentication Flow: default-source-authentication (Welcome to authentik!)
  • Authorization Flow: default-provider-authorization-implicit-consent (Authorize Application)


Select Forward Auth (single application):

  • External Host: https://csf.domain.com



Once finished, click Create. Then on the left-side menu, select Applications -> Applications. Then at the top of the new page, click Create.



Add the following parameters:

  • Name: CSF (ConfigServer Firewall)
  • Slug: csf
  • Group: Administrative
  • Provider: CSF ForwardAuth
  • Backchannel Providers: None
  • Policy Engine Mode: any



Save, and then on the left-side menu, select Applications -> Outposts:



Find your Outpost and edit it.


Move CSF (ConfigServer Firewall) to the right side Selected Applications box.



You should be able to access csf.domain.com and be prompted now to authenticate with Authentik.