TekOnline

Authentik Quick Tip: Direct Social Authentication Without Login Form

A little-known feature in Authentik allows you to skip the login form entirely and redirect users straight to your social authentication provider.

The Problem

When setting up social authentication in Authentik (like Google, GitHub, etc.), you typically see a login form with both username/password fields and social login buttons. But what if you want to skip this intermediate step and send users directly to your social provider?

The Solution

Thanks to a feature added in PR #5583, there’s a simple way to achieve this.

If you configure an Identification Stage with:

  • No user fields selected
  • Only one authentication source selected (e.g., Google)

Authentik will automatically redirect to that authentication source without showing the login form.

Step-by-Step Guide

  1. Create a new Authentication Flow:
    • Name: Direct Social Authentication
    • Title: Sign in with [Provider Name]
    • Slug: direct-social-auth
    • Designation: Authentication
    • Authentication: No requirement
  2. Create an Identification Stage:
    • Go to “Flows & Stages” → “Stages”
    • Create new “Identification Stage”
    • Important settings:
      • Name: Social Only Identification
      • User Fields: [leave all unchecked]
      • Sources: [select only your social auth source]
    • This is the magic combination that triggers the automatic redirect
  3. Add the stage to your flow
  4. (Optional) To use this flow for a specific application:
    • Go to your application’s provider settings
    • Set “Authentication flow” to your new flow
    • This way, the direct social login only applies to this specific application
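
The same flow, stage and binding can be kept in version control as an Authentik blueprint instead of being clicked together in the UI. The following is an added example, not part of the original post or of the Authentik project; it assumes an OAuth source with the slug `google` already exists, and the entry ids `flow` and `identification` are labels chosen here.

```yaml
# Added example blueprint (not from the original post).
# Assumptions: an existing OAuth source with slug "google";
# the ids "flow" and "identification" are local labels chosen here.
version: 1
metadata:
  name: Direct social authentication
entries:
  # Step 1: the authentication flow
  - model: authentik_flows.flow
    id: flow
    identifiers:
      slug: direct-social-auth
    attrs:
      name: Direct Social Authentication
      title: Sign in with Google
      designation: authentication
      authentication: none          # "No requirement" in the UI

  # Step 2: identification stage with no user fields and exactly one source
  - model: authentik_stages_identification.identificationstage
    id: identification
    identifiers:
      name: Social Only Identification
    attrs:
      user_fields: []               # no username/email field is offered
      sources:
        - !Find [authentik_sources_oauth.oauthsource, [slug, google]]

  # Step 3: bind the stage to the flow
  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !KeyOf flow
      stage: !KeyOf identification
      order: 10
```

Step 4 (pointing an application's provider at this flow) is left to the provider's own settings, so that the default authentication flow with its password fields stays in place for administrative access.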

Why This is Useful

  • Streamlined user experience
  • No unnecessary intermediate steps
  • Can be applied selectively to specific applications
  • Maintains flexibility for other authentication flows

Security Considerations

When implementing this:

  • Ensure you maintain alternative authentication methods for administrative access
  • Consider your account recovery process since users can only authenticate via the social provider
  • Review your authorization policies to ensure proper access control

Troubleshooting

If you’re not seeing the automatic redirect:

  1. Verify no user fields are selected in the Identification Stage
  2. Confirm only one authentication source is selected
  3. Clear your browser cache and cookies
  4. Check that no other stages in your flow are interfering with the redirect

Conclusion

This simple configuration trick can significantly improve your users’ authentication experience. It’s particularly useful for applications where you want to enforce social authentication as the primary or only login method.

Remember: The key is the combination of no user fields and a single authentication source in your Identification Stage. This tells Authentik to skip the login form entirely and redirect straight to your social provider.

References

  • Authentik PR #5583 – Original implementation
  • Authentik PR #5070 – Provider-specific authentication flows

