Explore documentation
  1. Welcome 👋
  2. Product
    1. Tracing ↗
    2. Incident management ↗
    3. Uptime monitoring ↗
    4. Log management ↗
    5. Infrastructure monitoring ↗
    6. Status page ↗
    7. Error tracking ↗
    8. Warehouse ↗
  3. Integrations
    1. Integrating with Better Stack
    2. iOS & Android
    3. SSO providers
      1. AWS SSO
      2. Azure SSO
      3. Okta SSO
      4. Other SSO providers
        1. Google SAML SSO
        2. OneLogin SSO
        3. PingIdentity SSO
        4. Authentik SSO
        5. JumpCloud SSO
        6. Keycloak SSO
    4. Terraform
    5. MCP server
  4. Team and account management
    1. Team management
    2. Account settings
    3. Reporting
    4. Audit logs
  5. Design
    1. Brand guidelines

Authentik SSO

Learn how to connect your Authentik app with Better Stack to enable single sign-on (SSO) for you and your colleagues.

SSO setup

  1. Go to Single Sign-On configuration.
  2. Click Connect on the Generic SAML SSO panel and select Authentik.
  3. Note the Entity ID and ACS URL. You will need them in a moment.

In Authentik

  1. Sign in to your Authentik administration.
  2. In the left menu, go to Customization -> Property Mappings.
  3. Click Create, select SAML Property Mapping, and enter the following:
    • Name: email
    • SAML Attribute Name: email
    • Expression: return request.user.email
  4. Click Finish.
  5. In the left menu, go to Applications -> Providers.
  6. Click Create, select SAML Provider, and enter the following:
    • Name: The Entity ID from Better Stack.
    • Authentication flow: Select the default authentication flow.
    • Authorization flow: Select the default provider authorization flow.
    • ACS URL: The ACS URL from Better Stack.
    • Issuer: betterstack
    • Service Provider Binding: Redirect
  7. Open Advanced protocol settings:
    • For Signing Certificate, select authentik Self-signed Certificate.
    • In Property mappings, select the email mapping you just created.
  8. Click Finish.
  9. In the left menu, go to Applications -> Applications.
  10. Click Create and enter the following:
    • Name: Better Stack
    • Slug: better-stack
    • Provider: Select the provider you just created.
  11. Click Create.
  12. In the left menu, go to Applications -> Providers and click on your newly created provider.
  13. Copy the SSO URL (Redirect).
  14. Go to the Metadata tab and copy the content of the <ds:X509Certificate> element.

In Better Stack

  1. Paste the SSO URL (Redirect) into the Identity Provider Single Sign-On URL field.
  2. Paste the certificate content into the X.509 Certificate field.
  3. Click Connect. You will be redirected to Authentik to sign in.

You're done. Your Authentik Single Sign-On is now configured.

Previous article

PingIdentity SSO

Next article

JumpCloud SSO