Authentik & SSO — FAQ
Login help for auth.saxobroko.com and SSO-protected apps (docs, dashboard). Passwords in Vaultwarden — not here.
AUTH-001 — What is Authentik?
- Single sign-on at auth.saxobroko.com — one login for many private sites.
- Credentials in Vaultwarden — search Authentik.
AUTH-002 — Docs sends me to Cloudflare Access first — normal?
- Yes — Access then Authentik then docs.
- See Authentik.
AUTH-003 — Which username and password?
- Unlock vault first.
- Search Authentik — copy, don't guess.
AUTH-004 — Wrong password at Authentik?
- Check Caps Lock.
- Copy from vault.
- Try incognito.
- Stop after 3 tries — ask Ryan.
AUTH-005 — Redirect loop on docs?
- Clear cookies for docs, cloudflareaccess, auth.
- Private window → log in again.
- Ryan checks Access callback if still broken.
AUTH-006 — Authentik OK but Access denied?
- User needs email on Authentik profile.
- Ryan adds you to Access policy.
AUTH-007 — Same login for dash.saxobroko.com?
- Yes — dash uses same Authentik SSO.
AUTH-008 — Authentik on phone?
- Open docs/dash in browser — same credentials.
- Use Bitwarden app to copy password.
AUTH-009 — Same as Vaultwarden master password?
- No — separate login stored inside vault.
AUTH-010 — Where does Authentik run?
- Docker on TrueNAS
192.168.2.203via Cloudflare Tunnel.
AUTH-011 — Add new family user?
- Ryan: Add Authentik user + Cloudflare Access.
AUTH-012 — Forgot Authentik password?
- Admin resets in Directory → Users, or ask Ryan.
- Save new password to vault.
AUTH-013 — Admin panel won't load?
- Check internet and NAS power.
- Ryan tries LAN
http://192.168.2.203:30140.
AUTH-014 — Cloudflare Access vs Authentik?
- Access = gate at edge. Authentik = username/password check.
AUTH-015 — YubiKey needed for Authentik?
- Usually no — see YubiKey FAQs for other services.
AUTH-016 — Session keeps expiring?
- Normal after long idle — re-login from vault.
- Avoid private browsing for daily use.
AUTH-017 — Stay logged in on shared PC?
- Only if you trust everyone — docs are private.
- Log out when done.
AUTH-018 — SSL warning on auth URL?
- Do not proceed — check clock, try another network, Ryan checks SSL.
AUTH-019 — Overseas can't reach auth?
- Tunnel may be geo-blocked — VPN to AU or wait for home access.
AUTH-020 — Need to know OAuth?
- No for daily use — Ryan handles
cloudflare-accessprovider config.
AUTH-021 — What else uses Authentik?
- Any site redirecting to auth.saxobroko.com — not banks.
AUTH-022 — Blank page after login?
- Hard refresh, incognito, check status.saxobroko.com.
AUTH-023 — Change Authentik username?
- Admin only — ask Ryan.
AUTH-024 — Two people logged in together?
- Fine — each should have own account.
AUTH-025 — Missing email on user?
- Required for Access — admin adds email in Directory.
AUTH-026 — How to log out?
- Sign out on auth or clear auth/cloudflareaccess cookies.
AUTH-027 — Recovery email exists?
- Check vault and physical handover — no public reset by default.
AUTH-028 — Login works but docs look old?
- Build/deploy issue — check GitHub Actions, not auth.
AUTH-029 — Ryan — API token location?
- Vaultwarden — never in git.
AUTH-030 — Client ID/Secret for Cloudflare?
- Zero Trust → Authentik IdP — rotate and copy once to vault.
AUTH-031 — Edit WAF skip rules?
- No — Ryan only if bot loops appear.
AUTH-032 — Home internet down — Authentik?
- Public auth needs NAS+tunnel — LAN port for emergency admin only.
AUTH-033 — LDAP or OIDC?
- OIDC (
cloudflare-access) — not LDAP for family.
AUTH-034 — Login page looks different — scam?
- Check URL is auth.saxobroko.com with padlock.
AUTH-035 — Wait between failed tries?
- 30 seconds — verify from vault first.
AUTH-036 — Kids get Authentik accounts?
- Ryan decides — docs have adult content.
AUTH-037 — Homepage login loop?
- Same cookie fix as docs — see Homepage.
AUTH-038 — Authentik for Vaultwarden?
- No — vault has its own master password.
AUTH-039 — After Saxon died — still works?
- Yes with vault+YubiKey+user account — see First 24 hours.
AUTH-040 — Delete Authentik after death?
- No — needed for docs during handover. Ryan keeps per will.
AUTH-041 — 502 on auth.saxobroko.com?
- Restart Authentik app + cloudflared on TrueNAS.
AUTH-042 — More help?
- Access guides, Login troubleshooting, Ctrl+K search.