Auto-Provisioning Pangolin using Authentik
This guide explains how to configure Pangolin and Authentik so that users are automatically provisioned with the correct organization access and roles based on their Authentik group membership.
Adding and assigning groups#
To manage access in Pangolin via Authentik, go to Server Admin -> Identity Providers -> Edit -> Organization Policies tab and set the following fallback mappings:
Default Role Mapping: contains(groups, 'pangolin-admin') && 'Admin' || 'Member'
Default Organization Mapping: contains(groups, 'pangolin-org-{{orgId}}')
Then in Authentik, assign groups to users:
- Go to Directory -> Groups and create:
pangolin-admin
- for admin userspangolin-org-{orgId}
- use the org ID from your Pangolin URL (for example https://your.instance/xy/settings/sites the org ID isxy
)
- Go to Directory -> Users -> {username} -> Groups
- Add the user the correct
pangolin-org-{orgId}
group - Optionally add the
pangolin-admin
if they need admin rights.