Hey, yes...(pinning your question/my answer in case anyone else needs it) in the beginning of the video I mentioned assuming you have your email setup already. If you don't, its fairly easy...for example in my example I was using Google SMTP relay. So if you have a Gmail account, go to myaccount.google.com, click on 'Security', then 'App passwords'. Generate an App password and be sure to write it down as it won't show again and you'll have to re-generate one (for instance I chose Custom, named it Authentik and generated one). Then you enter all your information into your .env file and reference those entries in your docker-compose file OR you can just enter them directly in your docker-compose file (but .env is recommended) here's my entry in my docker-compose with the values in my .env file: AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM} AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST} AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD} AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT} AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT} AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME} AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL} AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS} Gmail SMTP info reference: support.google.com/a/answer/176600?hl=en Authentik email configuration docs: goauthentik.io/docs/installation/docker-compose#email-configuration-optional-but-recommended
@@cooptonian Ahh okay that makes sense. My only problem now is that I am using Unraid and have to figure out how to edit that env file or to change the variables. Because I'm not sure if I have to edit the Authentik app or the Authentik-Worker app.
@@bballer11241 Edit the Authentik Docker, and at the bottom of the page you can add another variable. Set the "Config Type" to Variable, fill the key with the variable info from Authentik like "AUTHENTIK_EMAIL__USERNAME". And as Value you have to put the information needed to set the variable, with the above variable put in the mail adres. Only thing to test if SSL has to be set to true or TLS. They can't be set both to true. Hope it helps 😉
@@cooptonian Hey Nice Video, I'm struggling really hard to setup the email part can you provide more information about how to create the GMAIL Relay ( I cant use the Gmail SMTP as I need an admin account)
@@cooptonian question I found a compose file with this ports: - "${AUTHENTIK_PORT_HTTP:-9000}:9000" which port would need changed inside or the outside the bracket? Thankyou 👍
subscribing to your channel specifically for more authentik videos!! i'm a big authentik fan - use it for pretty basic stuff presently but want to expand usage
Can you explain how to setup the email settings for Authentik? You state the assumption is it's working but there's nothing in your other videos that describes it. Everything else worked as expected, thank you! I echo the sentiment from others - Authentik is too complicated and not intuitive enough, but it is POWERFUL once you figure it out. I see your comments above -- but what isn't clear is WHERE do you add those variables/.env adjustments? Are the docker compose variables under the worker or the server? Can you share an example with dummy data filled out so we know what goes where?
So my docker-compose file is straight from the documentation found here: goauthentik.io/docs/installation/docker-compose On this page, right after the docker-compose section it has "Email configuration (optional, but recommended)"; I copied and pasted this block into the .env file then edited the values to be relevant to the email service I use (in this case Gmail, which you will need to create an app password by going to myaccount.google.com/apppasswords to be able to login and use Google's SMTP service from authentik or any other application for that matter. App passwords are explained here: support.google.com/accounts/answer/185833?hl=en. Anyways, the app password you create is the password you'd use for email password in the authentik email password field...again, this is if you plan on using Google's SMTP relay service. I also then added this same block I copied into the .env file to both the server and worker environment blocks within my docker-compose file. The only difference is I entered variables (${variable_name}) referring to the values I entered within the .env file EXAMPLE line from docker-compose.yml: AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
Using the settings I listed above (and even trying SSL as false) I get the following errors in my Authentik logs: authentik-worker-1 | {"event": "Task authentik.stages.email.tasks.send_mail[6e9bb7cb-a9d6-4478-99d6-6cfe8edaf258] raised unexpected: SMTPNotSupportedError('SMTP AUTH extension not supported by server.')", "exc_info": ["", "SMTPNotSupportedError('SMTP AUTH extension not supported by server.')", ""], "level": "error", "logger": "celery.app.trace", "timestamp": 1673715115.5892682} Seems like something on the gMail end more than on the Authentik side. Any ideas? Are there other email services that might work better?
I would check that whatever address/alias you are using for authentik through gmail that you have it as listed as a "Send mail as" address and to be sure you are using the correct SMTP ports depending on if TLS or SSL...also that app password is important as your normal gmail password will not work. But, if wanting to use a different free service, you can also try sendgrid.com. If you don't have too much mail flow it allows up to 100 emails/day. I have a slightly more complicated setup of cloudflare, gmail, sendgrid so I can have my own domain for email. I adapted what I learned from a video by @Craylor (ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-AT9MiUDtk4E.html) and this video by @IdeaSpot (ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-nNGcvz1Sc_8.html) I looked up just now and very similar to my setup, except he uses sendinblue.
see this documentation on authentik's site: goauthentik.io/docs/installation/docker-compose ...You will need to enter your relevant SMTP email account info into your docker-compose file directly or into your .env file; the latter being the preferred method. Then in your docker-compose you can just have either variables form compose referring to the info you filled out in your .env file or instead of referring variables, refer to the .env file itself with: env_file: - .env
@@cooptonian your guide seems to cover username and password reset. but after i did that, it didn't also prompt the totp mfa reset which is what i needed. did you make a video for that by any chance?
@@cooptonian from discord i found a solution. since i had a passwordless setup already which doesn't require mfa, i was able to login to the authentik admin page. from there, i went to users, and for admin i deleted the totp entry. then when i log in it will prompt to create the totp (my setting is force to use totp). everything was all based on your previous guides for authentik, so ty ^^
@@cooptonian I cannot get the email to be sent from the recovery flow, I have successfully tested my global email settings but the email is not sent by the worker container.
I add to untick "Use global settings" and then re-enter all my email setting in the email stage to make it work, thanks to user cmcooper1980 from the Authentik discord channel 🙂
@@cooptonian Thanks for the comment to uncheck global settings. It took me while to find it but that solved the issue. Hopefully they will update the documentation.
For some reason, I can send an email from the terminal using 'ak test_email -s recovery-stage' but not using the flow recovery stage without getting an error. Any ideas?
...sounds very much like this other user I gave advice to try in discord: discord.com/channels/809154715984199690/809154716507963434/1011182605498056775 ...in case you don't have discord to access that chat, I said "......have you tried manually entering your email settings in your email stage and bypass global settings to see if that works?"
@@cooptonian I had the same problem as @waddoo1234 and manually entering the email settings in the email stage to bypass the global settings (which were configured properly in my environmental variables) fixed the issue, thanks!
@@cooptonian Hi there, I am stuck here as well. Global settings are fine. I also tried manually entering my email settings bypassing the global settings. I always get the following error in the logs (last line): ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:992)
@@rguifa ...double check you have the email settings/variables in both your authentik server and worker. Also double check your TLS/SSL options match their respective port numbers...the commmand to test or bypass should definitely work, if not then it is most likely a mail configuration issue...
@@cooptonian I will keep trying, so far no luck. I will try another email account, I have complete control over the account I am using since it's a company's address I created myself. Thanks for answering though
