authentik Agent
What is the authentik Agent?
The authentik Agent is a service that can be installed on Linux, macOS, and Windows devices. It provides the following capabilities:
- Device Compliance by reporting information about Endpoint Devices to authentik
- Local device login with authentik credentials
- Connecting via SSH to Endpoint Devices with authentik credentials
- Authenticating to CLI applications such as kubectl and AWS with authentik credentials
authentik Agent components
The authentik Agent consists of several components:
| Platform | Component | Description | Dependencies |
|---|---|---|---|
| Linux, macOS, Windows | authentik-cli | Provides CLI commands for interacting with authentik-agent. | authentik-agent |
| Linux, macOS, Windows | authentik-agent | Authentication in a users' context, for CLI tools. service. | authentik-sysd |
| Linux, macOS, Windows | authentik-sysd | Responsible for handling device-level authentication and compliance checks. service. | None |
| Linux only | libpam-authentik | PAM Module for token-based and interactive authentication via authentik. Used for SSH authentication and local device login. | authentik-sysd |
| Linux only | libnss-authentik | NSS Module that makes Linux aware of authentik users. All authentik users will be visible to Linux - but won't be able to login unless configured via device access groups. Provides a consistent uid and gid for users on all Endpoint Devices. | authentik-sysd, libpam-authentik |
| Windows only | Windows Credential Provider (WCP) | Enables logging in to Windows devices using authentik credentials. | authentik-sysd |
Technical information
All authentik Agent components communicate via gRPC and Unix domain sockets/Windows named pipes.
Linux: /var/run/authentik/sys.sock and /var/run/authentik/sys-ctrl.sock
macOS: /var/run/authentik-sysd.sock and /var/run/authentik-sysd-ctrl.sock
Windows: \\.\pipe\authentik\sysd and \\.\pipe\authentik\sysd-ctrl
sys.sock/*sysd.sockfor general communication*-ctrl.sockfor domain join
Important considerations
Sentry reporting is currently enabled by default and cannot be disabled. This will be configurable in a future release.
More information
For more information refer to each of the topics below:
📄️ Configuration
Before deploying the authentik Agent, configure your authentik deployment. This involves:
🗃️ Deployment
4 items
📄️ Agent CLI commands
The following commands are available when interacting with the authentik Agent via the command line.
📄️ Development
The authentik Agent and associated components are developed in the authentik Platform GitHub repository. For source code and information on contributing to the project, refer to the documentation included in the GitHub repository.
🗃️ Release notes
Release Notes for recent authentik agent versions