Auto adding new users to groups in Authentik

I had a new app working, and I needed to add authentication so I could set up a user-specific database when a new user signs in. In other words, I kinda wanted pass through auth. Where all we need is the users email address in order to identify them. Here’s how I achieved it by creating a guest group in Authentik and modifying the user settings to automatically add users to this group upon their first login:

Step 1: Create a Guest Group in Authentik

1. Log in to Authentik Admin Interface: Navigate to the Admin interface and log in with your credentials.
2. Navigate to Directory: In the left-hand menu, click on “Directory” and then select “Groups”.
3. Create a New Group: Click on the “Create” button at the top of the Groups page.
4. Define Group Details: In the Create modal, fill in the following details:
   • Name: Enter a name for the group, e.g., “Guests”.
   • Super-User: Ensure this is unchecked.
   • Parent Group: Leave this blank.
   • Roles: Leave this empty.
   • Scopes: Leave this empty unless needed for the client application.
5. Create the Group: Click “Create” to finalize the group creation.

Step 2: Modify the Default User Settings to Add Users to the Guest Group

1. Navigate to Stages: In the left-hand menu, click on “Applications” and then select “Stages”.
2. Select User Settings Write Stage: Find and select the “User Settings Write” stage.
3. Modify the Stage Configuration:
   • Add a step to include new users in the “Guests” group automatically. This can usually be done by configuring the stage to automatically assign the guest group to new users.

Testing

Thoroughly test the entire flow to ensure that new users are correctly added to the guest group when they sign in.

This streamlined process should help you get up and running with SSO and user management in Authentik! If you need any further details or adjustments, feel free to ask.