Skip to main content

Release 2021.2

Headline Changes

  • Managed objects

    Objects like property mappings can now be marked as managed, which means that they will be created, updated and deleted by authentik.

    Currently, this is used to update default property mappings, and mark tokens and users generated by outposts.

  • Improved support for different LDAP Servers

    The LDAP source has improved support for non-Active Directory LDAP setups. This includes the following changes:

    • Switch to sync membership from groups to users rather than user to group
    • Fix users, which were removed from a group in LDAP not being removed from said group
    • Add support for LDAP servers which have core fields declared as lists
    • Add property-mappings for groups, to map attributes like name or is_superuser
  • Add test view to debug property-mappings.


  • admin: add test view for property mappings
  • core: Fix application cache not being cleared correctly (and not being ignored for searches)
  • events: add send_once flag to send webhooks only once
  • events: allow searching by event id
  • events: don't log successful system tasks
  • events: improve information sent in notification emails
  • providers/oauth2: pass application to configuration error event
  • providers/saml: fix imported provider not saving properties correctly
  • root: use filtering_bound_logger for speed improvements
  • stages/consent: fix wrong widget for expire
  • web: migrate Provider List to SPA

Fixed in 2021.2.1-rc2

  • admin: add Certificate-Keypair generation
  • admin: fix property-mapping views redirecting to invalid URL
  • admin: improve layout for policy testing
  • admin: remove old provider list view
  • outpost: cap reconnect backoff at 60 seconds, reset backoff on successful connection
  • policies: add debug flag to PolicyRequest to prevent alerts from testing policies
  • providers/saml: force-set friendly_name to empty string for managed mappings
  • root: add dedicated live and readiness healthcheck views
  • web: fix link to provider list on overview page
  • web: fix outpost item in sidebar being active on service connection views

Fixed in 2021.2.1-stable

  • admin: fix link in source list
  • web: rebuild Outposts list in SPA
  • outposts: Fix reconnect not working reliably
  • providers/oauth2: add authorized scopes to AUTHORIZE_APPLICATION event
  • providers/oauth2: add unofficial groups attribute to default profile claim
  • web: fix sidebar being active when stage prompts is selected

Fixed in 2021.2.2-stable

  • crypto: move certificate and key data to separate api calls to create events
  • events: rename context.token to context.secret
  • events: rename token_view to secret_view
  • lib: fix stacktrace for general expressions
  • outposts: fix ProxyProvider update not triggering outpost update
  • policies: skip cache on debug request
  • providers/proxy: fix certificates without key being selectable
  • root: log runtime in milliseconds
  • sources/*: switch API to use slug in URL
  • sources/ldap: add API for sync status
  • sources/oauth: add callback URL to api
  • web: fix ModalButton working in global scope, causing issues on 2nd use

Fixed in 2021.2.3-stable

  • core: fix tokens using wrong lookup
  • web: fix missing source create button

Fixed in 2021.2.4-stable

  • admin: fix missing success_urls causing errors on create/update forms
  • core: fix typo in user settings causing sources to not show

Fixed in 2021.2.5-stable

  • admin: fix policy list not having a refresh button
  • events: pass Event's user to Notification policy engine when present
  • helm: add initial wait for healthcheck
  • outpost: improve logging output, ensure fields match api server
  • root: fix request_id not being logged for actual asgi requests
  • sources/oauth: fix buttons not being ak-root-link
  • web: fix library not being full height, again
  • web: fix outpost edit/delete buttons
  • web: fix SiteShell breaking links when handlers are updated twice

Fixed in 2021.2.6-stable

  • admin: fix missing success_url for Cache clean views
  • events: fix error when event can't be loaded in rule task
  • flows: handle error when app cannot be found during flow import
  • policies: sort groups in GroupMembershipPolicy policy and binding
  • providers/oauth2: fix error when no login event could be found
  • sources/ldap: fix API error when source has not synced yet
  • sources/ldap: fix password setter on users which are not LDAP
  • web: add sentry CaptureConsole
  • web: fix colourstyles not being included in common_styles


This release does not introduce any new requirements.

Due to the switch to managed objects, some default property mappings are changing. This affects only the SAML Provider.

The change affects the "SAML Name" property, which has been changed from an oid to a Schema URI to aid readability.

The integrations affected are:


Download the docker-compose file for 2021.2 from here. Afterwards, simply run docker-compose up -d and then the standard upgrade command of docker-compose run --rm server migrate.


Run helm repo update and then upgrade your release with helm upgrade authentik authentik/authentik --devel -f values.yaml.