Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SSO Unraid Authentik

Featured Replies

I setup an oidc provider to login in unraid.

I can't believe i had not seen that before.

My unraid server is 7.1.4

I used authentik (for now version 2025.8.3) as provider (runs in a compose stack on unraid).

Here are my comments:

  • according to the doc you need to fill in the issuer url without a trailing slash. In my case that was not working without

  • when you type the uri in authentik the docs says: http://YOUR_UNRAID_IP/graphql/api/auth/oidc/callback But if you run unraid on a non standard port you have to include it. On port 80 i run authentik so the result is weird.

  • when you log out of unraid you stay logged in authentik. Many apps implementing oidc provide a choice when logging out to log out from the app or from auth provider too

  • when you try to log in with an unauthorized user ( in my case i use group membership as condition) you have a screen indicating "authentication failed" but when you try to login again with an authorized user you can't as you are still logged in authentik but with an unauthorized account. You then have to logout from authentik. That means open a new tab on authentik and log out from authentik. It's not a big deal but it's not very convenient.

For authorizing a user i prefer to use a group membership. It's not documented in unraid doc but you can find info on that as jellyfin oauth2 use the same thing.

Basically you have to create a user group in authentik and put in all the users you want to authorize.

Then you have to create a scope mapping :

  • name: group membership

  • slug: groups

  • expression: return [group.name for group in user.ak_groups.all()]

  • description : see which group the user belong to

Then you edit authentik provider and in advanced protocol settings you had the group membership to the already selected scopes.

If i understood correctly all authorized users are logged in as root user in unraid.

I upgraded my backup server to 7.2 RC1 i will try on this one to see there is the same behavior.

I wonder if i could use the same authentik provider for my second server. That could work, i would have just to add the callback uri of the second server to the provider in authentik.

Anyway this is a great step forward.😃

edit: doesn't work with one provider for 2 servers.

Edited by caplam

  • 2 weeks later...

How did you fix the fact that the issuer URL will not allow a trailing slash, but then Authentik will not work unless you have the trailing slash? It sounds like you overcame it, but how?

The UI gives me an error but does in fact save with the trailing "/". This was needed for me to get SSO to work with Authentik.

11 hours ago, vtmikel said:

The UI gives me an error but does in fact save with the trailing "/". This was needed for me to get SSO to work with Authentik.

Thanks this is right. I hope maybe they will get rid of that error considering the trailing "/" is needed. I am all set now (had some issues whitelisting usernames but emails worked).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.