33
Authelia + Bitwarden + other selfhosted stuff
(sh.itjust.works)
Hi, recently I started using authelia, and can't understand how I need to use it, and how do I share it with others
Before I had bitwarden, kept all my passwords there, and used the passwords to login to every service. Also in every service I had 2FA and/or FIDO.
But now I have authelia, and I'm trying to understand where should be the main password, and what services do I bypass, and etc
And the most important, how do I explain people how to use it, do I create them authelia credentials and send, or how?
Thank you
I use authentik but believe it's similar. You can create accounts for people and give them passwords, or send a welcome email asking them to register to create one. I would warn you though, not every service has the ability to use it and it does take quite some effort to get it working! It's interesting to learn about though
There's no registration in authelia I believe 🥲
And my problem is, like, should authelia password be manually typed, if not, where do the people store the password if they don't have bitwarden yet
If you are looking for user management and registration, then Authelia is the wrong software for you.
Authelia is a very light weight security layer (and more recently SSO) that is only meant for few users precisely because it doesn't have an onboarding process, dynamic access control, and more advanced features. Everything is done through config files and secrets. The admin has to manually create a file or plaintext lines with the user and password for each new user and restart the container.
Authentik is what you want if you want a bunch of users and new user sign up.
As for bitwarden/SSO, they should be fully separate. Otherwise you will likely break Bitwarden app and browser integration functionality.
You also do not want to run into the case where you don't know your SSO password so you can't get into bitwarden to find the password and you are screwed.
Bitwarden, TOTP method, and SSO should ideally be separate and you should be able to access your passwords and TOTP without requiring any password that is exclusively in the Bitwarden database.
There's actually a point of doing that, it's called lock down, but how to explain users how to do this 😆
For bitwarden functionality there are bypass rules on just a nginx location, or network somebody is reaching through
In general the situation reminds me using selfhosted email as a contact email for that hosting 😁 but I think in this case it's less risk because I control the data
Edit: and I'm not really looking for user management, I just want to know how to use authelia efficiently
2 Factor Auth and Single Sign On with Authelia - Techno Tim
Authelia - Free, Open Source, Self Hosted authorization and authentication for your web applications - Awesome Open Source
Authenticate & Authorise Everything with Authelia - Jim's Garage
That should give you a good start.
Here is an alternative Piped link(s):
2 Factor Auth and Single Sign On with Authelia - Techno Tim
Authelia - Free, Open Source, Self Hosted authorization and authentication for your web applications - Awesome Open Source
Authenticate & Authorise Everything with Authelia - Jim's Garage
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.