Skip to main content

Actual Budget

Support level: Community

What is Actual Budget

Actual Budget is a web-based financial management software. It helps users track and manage their income, expenses, and budgets in real time. The software compares actual spending with planned budgets to improve financial decisions.

-- https://actualbudget.org/

This guide explains how to configure Actual Budget to use authentik as the OAuth provider for logging in to the Web GUI.

Preparation

The following placeholders are used in this guide:

  • actual.company is the FQDN of the Actual Budget installation.
  • authentik.company is the FQDN of the authentik installation.

authentik configuration

Create an OAuth2/OpenID provider and an application in authentik. Use the following parameters for the OAuth2/OpenID provider:

Provider:

  • Name: SP-actual
  • Client type: Confidential
  • Redirect URIs/Origins (RegEx): https://actual.company/openid/callback
  • Signing Key: Select any available signing keys.
info

Actual Budget supports the RS256 algorithm. Be aware of this when choosing the appropriate signing key.

Take note of the Client ID and Client Secret; you will need to provide them to Actual Budget in the last step.

Leave the remaining values as default. Durations can be adjusted as needed.

Application:

  • Name: Actual Budget
  • Slug: actual
  • Launch URL: https://actual.company/

Actual Budget configuration

  1. Sign in to Actual Budget with a browser of your choice and access your budget by clicking on its name.

  2. Click your budget in the top-left corner to open the dropdown menu and select Settings.

  3. Scroll to the bottom and select Show advanced settings. Scroll again and select I understand the risks, show experimental features.

  4. To enable the option OpenID authentication method select the checkbox next to it.

  5. Scroll up to the new option Authentication method... and click Start using OpenID.

  6. Set the following values from the authentik provider:

    • Set OpenID Provider to authentik
    • Set OpenID provider URL to https://authentik.company/application/o/actual/
    • Set Client ID to client-id
    • Set Client secret to client-secret
warning

The first user to log into Actual Budget via OpenID will become the owner and administrator with the highest privileges for the budget. For more information on how to create additional users, see the Note below.

Test the login

  • Open a browser of your choice and navigate to https://actual.company.
  • Select the OpenID login method in the dropdown menu and click Sign in with OpenID.
  • You should be redirected to authentik (with the login flows you created), and then authentik will redirect you back to the https://actual.company URL.
  • If you are redirected back to the https://actual.company URL and can see the budget file selection page, the setup was successful.
info

Users are not automatically created when logging in with authentik. The owner must manually create each user in Actual Budget. To do so, click Server online at the top next to your name and select User Directory. Add a new user. The Username must match the one in authentik. You can now grant the new user access to your budget by clicking Server online next to your name at the top and selecting User Access.