Paperless-ngx

Support level: Community

What is Paperless-ngx

Paperless-ngx is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from paperless-ngx, in turn a fork from the original Paperless, neither of which are maintained any longer.

-- https://github.com/paperless-ngx/paperless-ngx

Preparation

The following placeholders will be used:

• paperless.company is the FQDN of the Paperless-ngx install.
• authentik.company is the FQDN of the authentik install.

authentik Configuration

Step 1 - OAuth2/OpenID Provider

Create a OAuth2/OpenID Provider (under Applications/Providers) with these settings:

Name : Paperless Redirect URI: https://paperless.company/accounts/oidc/authentik/login/callback/

Step 2 - Application

Create an application (under Resources/Applications) with these settings:

Name: Paperless Slug: paperless Provider: Paperless

Paperless Configuration

Docker

If you have Paperless-ngx setup in Docker, add the following environment variables to your Paperless-ngx compose file:

environment:
    PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
    PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
        {
          "openid_connect": {
            "APPS": [
              {
                "provider_id": "authentik",
                "name": "Authentik",
                "client_id": "<Client ID>",
                "secret": "<Client Secret>",
                "settings": {
                  "server_url": "https://authentik.company/application/o/paperless/.well-known/openid-configuration"
                }
              }
            ],
            "OAUTH_PKCE_ENABLED": "True"
          }
        }

Now restart your container: docker compose down && docker compose up -d

Standalone

You need to update your paperless.conf configuration file. Paperless will search for this configuration file in the following locations and use the first one it finds:

• The environment variable PAPERLESS_CONFIGURATION_PATH
• /path/to/paperless/paperless.conf
• /etc/paperless.conf
• /usr/local/etc/paperless.conf

Edit your paperless.conf and add the following:

PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"Authentik","client_id":"<Client ID>","secret":<Client Secret>","settings":{"server_url":"https://authentik.company/application/o/paperless/.well-known/openid-configuration"}}]}}

Now restart your Paperless services using sudo systemctl restart paperless-*

Finished

Now you can access Paperless-ngx by logging in with authentik.

To add authentik authentication to an existing user, log in to Paperless with local authentication, click the profile icon in the top-right, click My Profile, then Connect new social account.