Explore documentation
  1. Welcome ๐Ÿ‘‹
  2. Product
    1. Tracing โ†—
    2. Incident management โ†—
    3. Uptime monitoring โ†—
    4. Log management โ†—
    5. Infrastructure monitoring โ†—
    6. Status page โ†—
  3. Integrations
    1. Integrating with Better Stack
    2. iOS & Android
    3. SSO providers
      1. AWS SSO
      2. Azure SSO
      3. Okta SSO
      4. Other SSO providers
        1. Google SAML SSO
        2. OneLogin SSO
        3. PingIdentity SSO
        4. Authentik SSO
        5. JumpCloud SSO
        6. Keycloak SSO
    4. Terraform
    5. MCP server
  4. Team and account management
    1. Team management
    2. Account settings
    3. Audit logs

Authentik SSO

In this guide, you're going to learn how to connect your Authentik app with Better Stack to enable single sign-on (SSO) for you and your colleagues.

SSO set-up walkthrough

  1. Start the SSO set-up by going to Single Sign-On configuration. Note that only organization admins have access to these settings.

  2. On this page click Connect on Generic SAML SSO panel.

  3. Select Authentik from the list of supported providers.

  4. Take note of the value in the Entity ID field, we're going to need this in a second.

We're going to switch to the Authentik administration now.

  1. Sign in to your Authentik administration.

  2. In left menu select Customization -> Property Mappings.

  3. Click Create, select SAML Property Mapping and fill in these values:

    • Name: email
    • SAML Attribute Name: email
    • Expression: return request.user.email and click Finish.

  4. In left menu select Applications -> Providers.

  5. Click Create, select SAML Provider and fill in this data:

    • Name: Entity ID from configuration page in Better Stack
    • Authentication flow: select the first one (default-authentication-flow)
    • Authorization flow: select the first one (default-provider-authorization-explicit-consent)
    • ACS URL: ACS URL from configuration page in Better Stack
    • Issuer: betterstack
    • Service Provider Binding: Redirect
    • Open Advanced protocol settings
    • For Signing Certificate select authentik Self-signed Certificate
    • In Property mappings select the newly created email mapping

  6. Click Finish

  7. In left menu select Applications -> Applications.

  8. Click Create and fill in this data:

    • Name: Better Stack
    • Slug: better-stack
    • Provider: select the newly created provider

  9. Click Create

  10. In left menu go to Applications -> Providers and click on newly created provider.

  11. Copy SSO URL (Redirect) and paste it to Identity Provider Single Sign-On URL field in Better Stack configuration.

  12. At the top of the page switch to Metadata tab,

  13. Copy the content of <ds:X509Certificate> element and paste it to X.509 Certificate field in Better Stack configuration.

  14. Click on Connect in Better Stack configuration - you will be redirected to the Authentik Sign on page. Sign in with the account you assigned to the Better Stack application, please.

Tada! Your Authentik Single Sign-On is now configured.

Previous article

PingIdentity SSO

Next article

JumpCloud SSO