Skip to main content

Identification stage

This stage provides a ready-to-go form for users to identify themselves.

User Fields

Select which fields the user can use to identify themselves. Multiple fields can be selected. If no fields are selected, only sources will be shown.

  • Username

  • Email

  • UPN

    UPN will attempt to identify the user based on the upn attribute, which can be imported with an LDAP Source


Starting with authentik 2023.5, when no user fields are selected and only one source is selected, authentik will automatically redirect the user to that source.

Password stage

To prompt users for their password on the same step as identifying themselves, a password stage can be selected here. If a password stage is selected in the Identification stage, the password stage should not be bound to the flow.

Enrollment/Recovery Flow

These fields specify if and which flows are linked on the form. The enrollment flow is linked as Need an account? Sign up., and the recovery flow is linked as Forgot username or password?.

Pretend user exists


Requires authentik 2024.1

When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when User fields is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the Password stage and Email stage are aware of this "pretend" user and will behave the same as if the user would exist.