What steps should you follow to integrate Immich with Authentik

To integrate Immich with Authentik, follow these step-by-step instructions:

Step 1: Set Up Authentik

image640×770 74.5 KB

1. Create a New Client Application:

   • Log in to your Authentik instance and navigate to the Admin Interface.
     
     

     image800×432 24.8 KB
   • Go to Applications > Providers and click on Create.
     
     

     image800×443 34.6 KB
   • Choose OpenID Connect as the provider type.
     
     

     image800×670 61.6 KB
   • Fill in the required details:
     • Name: e.g., “Immich Provider”.
     • Client ID: Note this down for later use.
     • Client Secret: Note this down as well.
       
       

       image800×538 42.3 KB
   • Set the Authorization Flow to “Implicit” if you want users to log in without consent.

2. Configure Redirect URIs:

   • Under redirect URIs, add the following:

     app.immich:/
     http://[YOUR_DOMAIN_OR_SERVER_IP]:[PORT]/auth/login
     http://[YOUR_DOMAIN_OR_SERVER_IP]:[PORT]/user-settings
     

     

     image800×526 41.1 KB
   • Save your changes.
     
     

     image800×535 35.1 KB
   

   image796×795 98.8 KB
   

   image800×489 36.4 KB
   

   image800×376 40 KB

Step 2: Configure Immich

1. Access Immich Settings:

   • Navigate to your Immich instance and go to the System Settings.
     

     

     image800×434 28 KB

   • Find the OAuth Authentication section.
     

     

     image800×686 17.5 KB

2. Input OAuth Details:

   • Enter the following details:

     • Authorization URL: This is typically your Authentik instance URL.
     • Access Token URL: Same as above.
     • Client ID: Use the one you noted from Authentik.
     • Client Secret: Use the one you noted from Authentik.
     • Scopes: Include openid and any other necessary scopes.
       
       

       image800×674 30.5 KB
     

     image800×278 15.9 KB

3. Set Up Redirect URIs in Immich:

   • Ensure that the redirect URIs match those configured in Authentik.

   #IMPORTANT:
   #Since auto lunch is enabled, immich won't ever ask you to login back again, it 
   #will #redirect you to authentik so you can enter your credentials there.
   #So if you want to log back in with your immich Administrator account then you 
   #have to use the following URL:
   http://debian-tests.home.lan:1002/auth/login?autoLaunch=0
   

Step 3: Create Users and Test

1. Create Users in Authentik:

   • Go to Directory > Users > Create in Authentik and add users as needed.
     
     

     image800×544 45.6 KB
   

   image655×636 40.8 KB
   

   image800×487 41.2 KB
   

   image800×694 40.3 KB

2. Testing the Integration:

   • Open your browser and navigate to your Immich instance.

   http://[YOUR_DOMAIN OR SERVER_IP_PLUS_PORT]/
   # sample: http://127.0.0.1:1002/ -or- http://localhost:1002/ -or- https://photos.my-amazing-domain.com/
   

   • You should be redirected to Authentik for authentication.
     

     

     image619×685 83.2 KB

   • Log in using one of the user accounts created in Authentik.

By following these steps, you should be able to successfully integrate Immich with Authentik for a seamless authentication experience.

I obviously didn’t include a bunch of stuff like how I configure groups in authentik so that certain users can access the photos app and some others don’t. Or how do I configure authentik to talk to google, because I don’t wan’t to create accounts for all my family if they can just use their google accounts.

Will post everything one by one dont worry.