Skip to content

Authentik & SSO — FAQ

Login help for auth.saxobroko.com and SSO-protected apps (docs, dashboard). Passwords in Vaultwarden — not here.

AUTH-001 — What is Authentik?
  1. Single sign-on at auth.saxobroko.com — one login for many private sites.
  2. Credentials in Vaultwarden — search Authentik.
AUTH-002 — Docs sends me to Cloudflare Access first — normal?
  1. Yes — Access then Authentik then docs.
  2. See Authentik.
AUTH-003 — Which username and password?
  1. Unlock vault first.
  2. Search Authentik — copy, don't guess.
AUTH-004 — Wrong password at Authentik?
  1. Check Caps Lock.
  2. Copy from vault.
  3. Try incognito.
  4. Stop after 3 tries — ask Ryan.
AUTH-005 — Redirect loop on docs?
  1. Clear cookies for docs, cloudflareaccess, auth.
  2. Private window → log in again.
  3. Ryan checks Access callback if still broken.
AUTH-006 — Authentik OK but Access denied?
  1. User needs email on Authentik profile.
  2. Ryan adds you to Access policy.
AUTH-007 — Same login for dash.saxobroko.com?
  1. Yes — dash uses same Authentik SSO.
AUTH-008 — Authentik on phone?
  1. Open docs/dash in browser — same credentials.
  2. Use Bitwarden app to copy password.
AUTH-009 — Same as Vaultwarden master password?
  1. No — separate login stored inside vault.
AUTH-010 — Where does Authentik run?
  1. Docker on TrueNAS 192.168.2.203 via Cloudflare Tunnel.
AUTH-011 — Add new family user?
  1. Ryan: Add Authentik user + Cloudflare Access.
AUTH-012 — Forgot Authentik password?
  1. Admin resets in Directory → Users, or ask Ryan.
  2. Save new password to vault.
AUTH-013 — Admin panel won't load?
  1. Check internet and NAS power.
  2. Ryan tries LAN http://192.168.2.203:30140.
AUTH-014 — Cloudflare Access vs Authentik?
  1. Access = gate at edge. Authentik = username/password check.
AUTH-015 — YubiKey needed for Authentik?
  1. Usually no — see YubiKey FAQs for other services.
AUTH-016 — Session keeps expiring?
  1. Normal after long idle — re-login from vault.
  2. Avoid private browsing for daily use.
AUTH-017 — Stay logged in on shared PC?
  1. Only if you trust everyone — docs are private.
  2. Log out when done.
AUTH-018 — SSL warning on auth URL?
  1. Do not proceed — check clock, try another network, Ryan checks SSL.
AUTH-019 — Overseas can't reach auth?
  1. Tunnel may be geo-blocked — VPN to AU or wait for home access.
AUTH-020 — Need to know OAuth?
  1. No for daily use — Ryan handles cloudflare-access provider config.
AUTH-021 — What else uses Authentik?
  1. Any site redirecting to auth.saxobroko.com — not banks.
AUTH-022 — Blank page after login?
  1. Hard refresh, incognito, check status.saxobroko.com.
AUTH-023 — Change Authentik username?
  1. Admin only — ask Ryan.
AUTH-024 — Two people logged in together?
  1. Fine — each should have own account.
AUTH-025 — Missing email on user?
  1. Required for Access — admin adds email in Directory.
AUTH-026 — How to log out?
  1. Sign out on auth or clear auth/cloudflareaccess cookies.
AUTH-027 — Recovery email exists?
  1. Check vault and physical handover — no public reset by default.
AUTH-028 — Login works but docs look old?
  1. Build/deploy issue — check GitHub Actions, not auth.
AUTH-029 — Ryan — API token location?
  1. Vaultwarden — never in git.
AUTH-030 — Client ID/Secret for Cloudflare?
  1. Zero Trust → Authentik IdP — rotate and copy once to vault.
AUTH-031 — Edit WAF skip rules?
  1. No — Ryan only if bot loops appear.
AUTH-032 — Home internet down — Authentik?
  1. Public auth needs NAS+tunnel — LAN port for emergency admin only.
AUTH-033 — LDAP or OIDC?
  1. OIDC (cloudflare-access) — not LDAP for family.
AUTH-034 — Login page looks different — scam?
  1. Check URL is auth.saxobroko.com with padlock.
AUTH-035 — Wait between failed tries?
  1. 30 seconds — verify from vault first.
AUTH-036 — Kids get Authentik accounts?
  1. Ryan decides — docs have adult content.
AUTH-037 — Homepage login loop?
  1. Same cookie fix as docs — see Homepage.
AUTH-038 — Authentik for Vaultwarden?
  1. No — vault has its own master password.
AUTH-039 — After Saxon died — still works?
  1. Yes with vault+YubiKey+user account — see First 24 hours.
AUTH-040 — Delete Authentik after death?
  1. No — needed for docs during handover. Ryan keeps per will.
AUTH-041 — 502 on auth.saxobroko.com?
  1. Restart Authentik app + cloudflared on TrueNAS.
AUTH-042 — More help?
  1. Access guides, Login troubleshooting, Ctrl+K search.