Announcing release 2024.8: source property mappings, SAML encryption, and more
authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.
We are pleased to share our latest version, authentik 2024.8. This release adds substantial new support for property mappings for both providers and external sources, RBAC permissions management via blueprints and Terraform, a new policy for GeoIP, as well as several UX and DX enhancements.
Highlights
One of the many highlights that we are most excited about is the new support for using property mappings to manage user data from external sources (such as Google and GitHub). You can configure property mappings to define how the external source's user credentials and data are synced with authentik, where to store (or not store!) data, and other specific behaviour. Groups can be synced from all sources that provide group information.
Release 2024.8 also includes support for custom attributes with the RADIUS provider. By adding custom, vendor-specific attributes to the RADIUS response packets, based on the exact user who is authenticating, you can more fully integrate RADIUS into network infrastructure.
Another new feature in version 2024.8 is SAML encryption support for both source and provider, which encrypts the information of in-flight assertions.
For those who rely on automation, this release provides RBAC support for blueprints and Terraform; Permissions can now be assigned and automated using both blueprints and Terraform.
We have also simplified the LDAP provider search permissions; you no longer need to create a special group and assign users to it to define who can search the full directory. Now you need only assign the permission Search full LDAP directory
to the LDAP provider. When you upgrade to 2024.8, authentik automatically migrates your old search groups to the new RBAC-based method.
There is a new GeoIP-based policy for simple GeoIP lookups, such as country or ASN matching. For a more advanced GeoIP lookup, use an Expression policy.
UX and DX enhancements
In this release we added a couple of improvements to make using authentik even smoother.
We have moved from multi-select of items within a single list to dual-select, whereby you can multi-select options in a left pane, then move the selected options to the right pane in order to define a set of options upon which to work.
In previous editions, your search results were limited to showing only the first 100 results. Now, the full set of search results is available in a paginated display.
Changes to be aware of
Of course, there are also some changes that will likely require manual changes on your part. Be sure to check those out in the 2024.8 Release Notes. These changes are due to some of the important new features and functionality in this release, such as LDAP property mappings simplification and the default syncing of groups in OAuth and SAML sources.
If your environment uses both External and Internal users, you will want to read about the new behavior for External users. With this release, authentik improves support for B2C use-cases, for which external users are intended. It is now possible to configure a default application for external users; external users who are not attempting to access a specific application will always be redirected to this default application. As a result of this change, external users will no longer have access to the User and Admin interfaces.
Upgrade to version 2024.8
Refer to our Upgrade documentation and the Release Notes for detailed instructions. As always, we welcome your feedback. Reach out to us on GitHub, Discord, or with an email to [email protected].