The Authentik docs state that one should add the Service Account as an Admin. I didn't want to do that as this introduces a big security risk to authentik, because an admin can change any setting and impersonate users and so on.
I looked into what you were actually doing with that user; as far as I can tell, you are using it to list and read user accounts as well as to remove them.
I added the Api Access scope to the provider and gave the service account the specific permissions to read and delete users, and it's working great without the big step of giving admin access to a process which does not need it.
I would also argue that netbird should not be able to delete users from authentik, though that's a different discussion and can be done by just not assigning the delete user permission to the service account.