NetBird
What is NetBird?
NetBird is an open source, zero trust, networking platform that allows you to create secure private networks for your organization or home.
Preparation
The following placeholders will be used:
netbird.company
is the FQDN of the NetBird install.authentik.company
is the FQDN of the authentik install.
authentik configuration
Provider & application configuration
- Access the Admin Interface of your authentik installation.
- Create a new OAuth2 / OpenID Provider.
- Ensure the Client Type is set to
Public
. - Note the generated Client ID and Client Secret.
- In the provider settings, add the following redirect URLs under Redirect URIs/Origins:
- Strict;
https://netbird.company
- Regex;
https://netbird.company/.*
- Strict;
http://localhost:53000
- Strict;
- Under Signing Key, select an available key. By default, the authentik self-signed certificate is available.
- Under Advanced Protocol Settings, set the Access Code Validity to
minutes=10
and set the Subject Mode toBased on the User's ID
. - Click Finish to save the provider configuration.
- Create a new application associated with this provider.
Service account setup
- Access the Admin Interface of your authentik install once more.
- Navigate to Directory -> Users, and click Create a service account.
- Set the username to
NetBird
and disable the Create group option. - Take note of the generated password.
Adding the service account to the administrator group
- Under Directory -> Groups, select the
authentik Default Admins
group and switch to the Users tab near the top of the page. - Click Add existing user and then select your NetBird service account.
NetBird configuration
To configure NetBird to use authentik, add the following values to your setup.env
file:
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o/netbird/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
NETBIRD_AUTH_CLIENT_ID="<Your Client ID>"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
NETBIRD_AUTH_AUDIENCE="<Your Client Secret>"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="<Your Client ID>"
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="<Your Client ID>"
NETBIRD_MGMT_IDP="authentik"
NETBIRD_IDP_MGMT_CLIENT_ID="<Your Client ID>"
NETBIRD_IDP_MGMT_EXTRA_USERNAME="Netbird"
NETBIRD_IDP_MGMT_EXTRA_PASSWORD="<Your Service Account password>"
After making these changes, restart your Docker containers to apply the new configuration.
Once completed, NetBird should be successfully configured to use authentik as its Single Sign-On provider.