Announcing release 2024.12: Happy Holidays!
authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.
Our authentik 2024.12 release is compact, sweet, and packed with great goodies, just like the holidays ought to be!
We decided not to hold on to these new features and wait to release them early next year; they are too good to keep to ourselves. And we all know that the holidays are the best times for escaping into some new code and functionality.
Let’s unpack the 2024.12 release and take a look.
New features
- Redirect stage
The new redirect stage allows redirecting a user to another flow or an external static URL. This means you can configure a dynamic determination of which flow the user is presented with next (based on user attributes or other factors) while keeping the flow context from the previous flow. An authentik administrator can also configure the redirect stage to send the user to a completely different URL.
- Application entitlements (Preview)
Centrally configure permissions by granting entitlements to groups and users on an application-level basis. An authentik administrator creates the entitlement in the authentik Admin interface, then binds a user or a group to the entitlement. Application entitlements provide more granular access control for a specific app; for example, you might want some users to be able to access the entire application, while others can only access a single page or area.
- Apply policy, user, and group bindings directly in the Application Wizard
In the application creation wizard, administrators can now configure bindings for an application while they are creating the new app and its provider. This streamlined approach lets you create bindings to specific policies, users, or groups (these bindings determine who can access the application and how) within the Wizard workflow, instead of needing to configure the bindings separately.
- CloudFormation template for 1-click deployment to AWS (Preview)
If you have an AWS account and an AWS Certificate Manager certificate, you can use our new AWS CloudFormation template to quickly deploy authentik in your own AWS environment. The template creates a stack with all the required resources for running authentik in the cloud: a VPC (Virtual Private Cloud) that includes the AWS SSM secrets for the PostgreSQL user and the authentik secret key, ECS, PostgreSQL, and Redis clusters, an ALB (Application Load Balancer), and an EFS filesystem. Everything you need to get authentik up and running on the cloud!
- OAuth2 provider federation
Configure OAuth2 provider federation to allow exchanging authentication tokens between multiple providers. With this configuration, any JWT issued by the configured providers can be used to authenticate users.
- Silent authorization flow
In situations where authorization flows don't require user interaction, authentik automatically redirects the user directly to the application, improving user experience with a faster and more seamless load time.
Changes to be aware of
There are also some changes in the 2024.12 release that might require new behaviour. Be sure to check those out in the 2024.12 Release Notes.
- Impersonation now requires providing a reason
- Deprecated PostgreSQL USE_PGBOUNCER and USE_PGPOOL settings
Upgrade to version 2024.12
Refer to our Upgrade documentation and the Release Notes for detailed instructions.
Enjoy the new release (and the holidays!), and as always, reach out to us with any questions or feedback. Connect with us on GitHub, Discord, or with an email to hello@goauthentik.io.