After enabling OIDC and authenticating via Authentik I lost admin ability

[the-bort-the]

Before enabling OIDC and integrating Authentik, I used the demo user to create a new admin user. I then disabled the demo user and had been using the basic auth for this new admin user.

After configuring OIDC I am able to log into Planka, but after doing so, I noticed my admin user was overwritten by my Authentik user. While this isn't the end of the world, I did noticed I lost my admin capabilities. Looking to the database I tried to update the column is_admin to t within the user_account table.

This worked until I restarted the container. Is there something else needed to permanently provide myself admin? It also seems since I enabled OIDC, I cannot comment out the OIDC variables within docker-compose.yml. It says I need to use SSO. I wonder if I'm locked into SSO now?

  #- OIDC_ISSUER=https://auth.example.com/application/o/planka/
  #- OIDC_CLIENT_ID=$client_id
  #- OIDC_CLIENT_SECRET=$client_secret

[the-bort-the]

Even a logout / login will change that boolean flag back to false for is_admin

[meltyshev]

Hi!

To ensure you always have admin privileges, you need to either uncomment OIDC_IGNORE_ROLES=true and modify the role directly in the database, or configure OIDC groups and set OIDC_ADMIN_ROLES=admin with OIDC_ROLES_ATTRIBUTE=groups.

Regarding SSO locking, it can't currently be modified through the UI. However, you can update the is_sso field for a specific user directly in the database.