Skip to main content

Integrate with Paperless-ngx

Support level: Community

What is Paperless-ngx

Paperless-ngx is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from Paperless-ng, in turn a fork from the original Paperless, neither of which are maintained any longer.

-- https://github.com/paperless-ngx/paperless-ngx

Preparation

The following placeholders are used in this guide:

  • paperless.company is the FQDN of the Paperless-ngx installation.
  • authentik.company is the FQDN of the authentik installation.
note

This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

authentik configuration

To support the integration of Paperless-ngx with authentik, you need to create an application/provider pair in authentik.

Create an application and provider in authentik

  1. Log in to authentik as an admin, and open the authentik Admin interface.
  2. Navigate to Applications > Applications and click Create with Provider to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
  • Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
  • Choose a Provider type: select OAuth2/OpenID Connect as the provider type.
  • Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
    • Note the Client ID,Client Secret, and slug values because they will be required later.
    • Set a Strict redirect URI to https://paperless.company/accounts/oidc/authentik/login/callback/.
  • Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's My applications page.
  1. Click Submit to save the new application and provider.

Paperless Configuration

If you have Paperless-ngx setup in Docker, add the following environment variables to your Paperless-ngx compose file:

environment:
    PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
    PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
        {
          "openid_connect": {
            "APPS": [
              {
                "provider_id": "authentik",
                "name": "Authentik",
                "client_id": "<Client ID>",
                "secret": "<Client Secret>",
                "settings": {
                  "server_url": "https://authentik.company/application/o/paperless/.well-known/openid-configuration"
                }
              }
            ],
            "OAUTH_PKCE_ENABLED": "True"
          }
        }

Now restart your container: docker compose down && docker compose up -d

Finished

Now you can access Paperless-ngx by logging in with authentik.

To add authentik authentication to an existing user, log in to Paperless with local authentication, click the profile icon in the top-right, click My Profile, then Connect new social account.