Auto-Provisioning Pangolin using Authentik

This guide explains how to configure Pangolin and Authentik so that users are automatically provisioned with the correct organization access and roles based on their Authentik group membership.

Adding and assigning groups

To manage access in Pangolin via Authentik, go to Server Admin -> Identity Providers -> Edit -> Organization Policies tab and set the following fallback mappings:

Default Role Mapping: contains(groups, 'pangolin-admin') && 'Admin' || 'Member'
Default Organization Mapping: contains(groups, 'pangolin-org-{{orgId}}')

Then in Authentik, assign groups to users:

  1. Go to Directory -> Groups and create:
  1. Go to Directory -> Users -> {username} -> Groups