authentik-user-manager 1.3.0

Managing Authentik users via YAML files

Authentik User Manager

Manage Authentik users and group memberships via YAML configuration files.

Features

• Synchronize users and group memberships with Authentik instance
• Configure users and their group memberships via YAML files
• Create individual invitation links for new users
• Email notification system for user invitations

Installation

Install and run via pipx (Recommended)

pipx makes installing and running Python programs easier and avoids conflicts with other packages. Install it with:

pip3 install pipx

The following one-liner both installs and runs this program from PyPI:

pipx run authentik-user-manager

If you want to use authentik-user-manager without prepending it with pipx run every time, install it globally:

pipx install authentik-user-manager

To upgrade authentik-user-manager to the newest available version:

pipx upgrade authentik-user-manager

Other installation methods

You may also use pip directly:

pip install authentik-user-manager

CLI Usage

authentik-user-manager provides a command-line interface for synchronizing users and their group memberships with an Authentik instance.

Command Structure

auth-user-mgr <command> [options]

Main Commands

sync

Synchronize users with the Authentik instance:

auth-user-mgr sync -c <config_file> -u <users_file_or_directory>

For detailed help on any command with additional flags such as --dry and --no-email:

auth-user-mgr sync --help

import

Import users from a CSV file into the user inventory YAML files. This is useful for batch-adding users to groups, e.g. for events:

auth-user-mgr import -i <csv_file> -u <users_file_or_directory> -o <output_yaml> -g <groups>

For each user in the CSV:

• If they already exist in a YAML file under -u, their group memberships are updated in-place.
• If they are not found, they are appended to the -o output file with the specified groups.

Example:

auth-user-mgr import -i participants.csv -u config/users/ -o config/users/event.yaml -g "Event Group,Speakers"

The CSV file must have the columns name and email (required). A username column is optional — if empty, the username will be auto-generated at sync time. See config/users.import.sample.csv for an example.

Use --dry to preview changes without modifying any files:

auth-user-mgr import -i participants.csv -u config/users/ -o config/users/event.yaml -g "Event Group" --dry

For detailed help:

auth-user-mgr import --help

Configuration

The application's configuration and the list of managed users are stored in YAML files. You can find sample configuration files in the config/ directory.

Note: There are two ways how to store your users inventory:

1. In a single file, as shown in config/users.sample.yaml
2. In multiple files in one directory, as shown in config/users.sample/

API permissions

Especially for automated syncs, it is recommended to set up a system user in Authentik and create an API token for them. The following permissions are required:

• User: Can view User
• Group: Can view Group
• Group: Add user to group
• Group: Remove user from group
• Group: Can add Group
• Flow: Can view Flow
• Invitation: Can view Invitation
• Invitation: Can add Invitation
• Invitation: Can delete Invitation

Development and Contribution

We welcome contributions to improve this library. Please read CONTRIBUTING.md for all information.

License

The content of this repository is licensed under the Apache 2.0 license.

There may be components under different, but compatible licenses or from different copyright holders. The project is REUSE compliant which makes these portions transparent. You will find all used licenses in the LICENSES directory.

The project has been started by the OpenRail Association. You are welcome to contribute!