User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:immich [2025/02/24 10:25] – [SSO authentication setup] willyservices:immich [2025/03/13 14:41] (current) – [Installation] willy
Line 18: Line 18:
 Immich needs to be installed using a docker compose file. This is the official and only supported installation method. I will show you, of course, how to run it rootless with podman. Immich installation is detailed [[https://immich.app/docs/install/docker-compose|here]], and i suggest you take a look at. Immich needs to be installed using a docker compose file. This is the official and only supported installation method. I will show you, of course, how to run it rootless with podman. Immich installation is detailed [[https://immich.app/docs/install/docker-compose|here]], and i suggest you take a look at.
  
-I assume you have already created the photo user and group (see [[services:photomanagement|here]], but in case you didn't, here you go:+I assume you have already created the photo user and group (see [[selfhost:photomanagement|here]], but in case you didn't, here you go:
 <code bash> <code bash>
 useradd -d /data/daemons/photos photos useradd -d /data/daemons/photos photos
Line 116: Line 116:
 Immich support direct integration with [[selfhost:sso|Authelia SSO]], specific instructions can be found [[https://www.authelia.com/integration/openid-connect/immich/|on this page]]. Immich support direct integration with [[selfhost:sso|Authelia SSO]], specific instructions can be found [[https://www.authelia.com/integration/openid-connect/immich/|on this page]].
  
-First of all, you need to configure Authelia with a new: +First of all, you need to configure Authelia with a new client:
 <code> <code>
 identity_providers: identity_providers:
Line 144: Line 143:
 authelia crypto rand --length 72 --charset rfc3986 authelia crypto rand --length 72 --charset rfc3986
 </code> </code>
 +This information will need to copied to both authelia config and immich settings.
  
 To generate a Client Secret: To generate a Client Secret:
Line 149: Line 149:
 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
 </code> </code>
 +Please note **both** the hash and the password itself! You will need the password itself in the next step.
 +
 +Then you need to configure Immich to use Authelia SSO, so go to //Immich web gui → administration → settings → Authentication settings// and enter the following information:
 +  * Issuer URL: https://auth.example.com/.well-known/openid-configuration.
 +  * Client ID: << the generated ClientID >>.
 +  * Client Secret: insecure_secret.
 +  * Scope: openid profile email.
 +  * Button Text: Login with Authelia.
 +  * Auto Register: Enable if desired.
 +
 +
  
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information