feat(iam): add authentik sso how-to page (#5879)

christian-vdz · ldecarvalho-doc · web-flow · commit 4cdee8bf737d · 2025-12-10T16:01:07.000+01:00
* feat(iam): add authentik sso how-to page

* fix: update dates

Co-authored-by: ldecarvalho-doc &lt;82805470+ldecarvalho-doc@users.noreply.github.com&gt;

* fix: description

Co-authored-by: ldecarvalho-doc &lt;82805470+ldecarvalho-doc@users.noreply.github.com&gt;

* fix: typo

Co-authored-by: ldecarvalho-doc &lt;82805470+ldecarvalho-doc@users.noreply.github.com&gt;

* fix: update Authentik Providers step

* fix: update validation and post date

* fix: update since metadata upload feature

* fix: missing "the"

Co-authored-by: ldecarvalho-doc &lt;82805470+ldecarvalho-doc@users.noreply.github.com&gt;

* feat: add menu entry

---------

Co-authored-by: ldecarvalho-doc &lt;82805470+ldecarvalho-doc@users.noreply.github.com&gt;
diff --git a/pages/iam/how-to/set-up-identity-federation.mdx b/pages/iam/how-to/set-up-identity-federation.mdx
@@ -74,7 +74,7 @@ Follow the steps below to set up Identity Federation for your Organization throu
     <Message type="note">
       You can close the Identity Provider pop-up without adding the certificate right away. The certificate can [be added at a later time](#how-to-add-a-certificate). However, while the certificate is not added, the connection between Scaleway and your Identity Provider will not be complete and the SSO feature will not work for your Organization members.
     </Message>
-9. Click **Complete setup**.
+9. Click **Complete set up**.
 
 Once setup is complete, members can log in via SAML.
 
diff --git a/pages/iam/how-to/set-up-sso-with-authentik.mdx b/pages/iam/how-to/set-up-sso-with-authentik.mdx
@@ -0,0 +1,70 @@
+---
+title: How to set up SSO with Authentik
+description: This page helps you to implement Single Sign-On in your Organization with Authentik 
+dates:
+  validation: 2025-12-10
+  posted: 2025-12-10
+---
+import Requirements from '@macros/iam/requirements.mdx'
+
+Scaleway supports Identity Federation to provide your teams with secure access to their accounts via SAML Single Sign-On.
+
+<Message type="note">
+  SSO with SAML does not apply to an Organization's Owner. Owners can log in with SSO with OAuth2.
+</Message>
+
+Follow the steps below to set up Identity Federation for your Organization through SAML at Scaleway.
+
+<Requirements />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- Authentik instance and user allowing you to perform admin actions.
+
+## Create a new Identity Provider
+
+### On Scaleway console
+
+1. Go to your security settings.
+2. Scroll to the **Configure Identity Federation** section.
+3. Click **Set up SAML SSO**. A pop-up appears.
+4. Click **Start**
+5. Open another tab to start IdP configuration on Authentik.
+
+### On Authentik
+
+1. Look for **Applications** in your sidebar and click to open **Providers** section.
+2. Click **Create**. A pop-up appears.
+3. Choose **SAML** provider type.
+4. Click **Next**.
+5. Fill the configuration form.
+    - Name: "Scaleway IDP"
+    - ACS URL: **Assertion consumer service (ACS) URL** (from Scaleway tab)
+    - Issuer: **Scaleway Entity ID**  (from Scaleway tab)
+    - Service Provider Binding: Select **Post**
+    - Advanced protocol settings
+        - Signing Certificate: Select **authentik Self-signed Certificate**
+        - Toggle **Sign assertions** and **Sign responses** on
+        - NameID Property Mapping: Select **authentik default SAML Mapping: Username**
+6. Click **Finish**
+7. Click on your newly created Provider in the list.
+8. Click the **Create** button below **Assigned to application**. A pop-up appears.
+9. Fill the configuration form.
+    - Name: "Scaleway"
+    - Provider: Select **Scaleway IDP**
+10. Click **Create**
+11. Click to download the metadata file in the **Related objects section**
+12. Go back to the Scaleway Console tab.
+
+### On Scaleway console
+
+1. Upload the metadata file using the **Download metadata** button.
+2. Click **Submit**. A pop-up appears.
+3. If you are sure that you don't use OAuth2 SSO, click **Confirm**
+
+Once setup is complete, members can log in via SAML.
+
+<Message type="important">
+  - In order to log in via SAML, members need to be [created manually](/iam/how-to/manage-members/#how-to-create-a-member) in your Scaleway organization.
+  - If you delete a user in the IdP, the corresponding Member is not automatically deleted in your Scaleway Organization. The [deletion must happen manually](/iam/how-to/manage-members/#how-to-delete-a-member).
+</Message>
diff --git a/pages/iam/menu.ts b/pages/iam/menu.ts
@@ -46,6 +46,10 @@ export const iamMenu = {
           label: 'How to set up identity federation',
           slug: 'set-up-identity-federation'
         },
+        {
+          label: 'How to set up SSO with Authentik',
+          slug: 'set-up-sso-with-authentik'
+        },
         {
           label: 'Create an application',
           slug: 'create-application',
