33
Authelia + Bitwarden + other selfhosted stuff (sh.itjust.works)
submitted 6 months ago by Gooey0210@sh.itjust.works to c/selfhosted@lemmy.world
21 comments fedilink hide all child comments

Hi, recently I started using authelia, and can't understand how I need to use it, and how do I share it with others

Before I had bitwarden, kept all my passwords there, and used the passwords to login to every service. Also in every service I had 2FA and/or FIDO.

But now I have authelia, and I'm trying to understand where should be the main password, and what services do I bypass, and etc

And the most important, how do I explain people how to use it, do I create them authelia credentials and send, or how?

Thank you

you are viewing a single comment's thread
view the rest of the comments
[-] Gooey0210@sh.itjust.works -2 points 6 months ago

There's no registration in authelia I believe 🥲

And my problem is, like, should authelia password be manually typed, if not, where do the people store the password if they don't have bitwarden yet

[-] JustEnoughDucks@feddit.nl 1 points 6 months ago

If you are looking for user management and registration, then Authelia is the wrong software for you.

Authelia is a very light weight security layer (and more recently SSO) that is only meant for few users precisely because it doesn't have an onboarding process, dynamic access control, and more advanced features. Everything is done through config files and secrets. The admin has to manually create a file or plaintext lines with the user and password for each new user and restart the container.

Authentik is what you want if you want a bunch of users and new user sign up.

As for bitwarden/SSO, they should be fully separate. Otherwise you will likely break Bitwarden app and browser integration functionality.

You also do not want to run into the case where you don't know your SSO password so you can't get into bitwarden to find the password and you are screwed.

Bitwarden, TOTP method, and SSO should ideally be separate and you should be able to access your passwords and TOTP without requiring any password that is exclusively in the Bitwarden database.

[-] Gooey0210@sh.itjust.works -1 points 6 months ago* (last edited 6 months ago)

There's actually a point of doing that, it's called lock down, but how to explain users how to do this 😆

For bitwarden functionality there are bypass rules on just a nginx location, or network somebody is reaching through

In general the situation reminds me using selfhosted email as a contact email for that hosting 😁 but I think in this case it's less risk because I control the data

Edit: and I'm not really looking for user management, I just want to know how to use authelia efficiently

this post was submitted on 18 Apr 2024
33 points (83.7% liked)

Selfhosted

39980 readers
436 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz