Integrate with Paperless-ngx

Support level: Community

What is Paperless-ngx

Paperless-ngx is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from paperless-ngx, in turn a fork from the original Paperless, neither of which are maintained any longer.

-- https://github.com/paperless-ngx/paperless-ngx

Preparation

The following placeholders are used in this guide:

• paperless.company is the FQDN of the Paperless-ngx installation.
• authentik.company is the FQDN of the authentik installation.

note

This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

authentik Configuration

Step 1 - OAuth2/OpenID Provider

Create a OAuth2/OpenID Provider (under Applications/Providers) with these settings:

Name : Paperless Redirect URI: https://paperless.company/accounts/oidc/authentik/login/callback/

Step 2 - Application

Create an application (under Resources/Applications) with these settings:

Name: Paperless Slug: paperless Provider: Paperless

Paperless Configuration

Docker

If you have Paperless-ngx setup in Docker, add the following environment variables to your Paperless-ngx compose file:

environment:
    PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
    PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
        {
          "openid_connect": {
            "APPS": [
              {
                "provider_id": "authentik",
                "name": "Authentik",
                "client_id": "<Client ID>",
                "secret": "<Client Secret>",
                "settings": {
                  "server_url": "https://authentik.company/application/o/paperless/.well-known/openid-configuration"
                }
              }
            ],
            "OAUTH_PKCE_ENABLED": "True"
          }
        }

Now restart your container: docker compose down && docker compose up -d

Standalone

You need to update your paperless.conf configuration file. Paperless will search for this configuration file in the following locations and use the first one it finds:

• The environment variable PAPERLESS_CONFIGURATION_PATH
• /path/to/paperless/paperless.conf
• /etc/paperless.conf
• /usr/local/etc/paperless.conf

Edit your paperless.conf and add the following:

PAPERLESS_ENABLE_ALLAUTH=true
PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"<Client ID>","secret":"<Client Secret>","settings":{"server_url":"https://authentik.company/application/o/paperless/.well-known/openid-configuration"}}]}}

Now restart your Paperless services using sudo systemctl restart paperless-*

Finished

Now you can access Paperless-ngx by logging in with authentik.

To add authentik authentication to an existing user, log in to Paperless with local authentication, click the profile icon in the top-right, click My Profile, then Connect new social account.