Immich
What is Immich
Immich is a self-hosted backup solution for photos and videos on mobile devices.
Preparation
The following placeholders will be used:
https://immich.company
is the URL used to access the Immich instance.authentik.company
is the FQDN of the authentik install.
authentik configuration
- Create a new OAuth2/OpenID Provider using the following settings:
- Name: Immich
- Authentication flow: default-authentication-flow
- Authorization flow: default-provider-authorization-explicit-consent
- Client type: Confidential
- Client ID: Either create your own Client ID or make a note of the auto-populated one
- Client Secret: Either create your own Client Secret or make a note of the auto-populated one
- Redirect URIs/Origins (RegEx): Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich.
- Signing Key: authentik Self-signed Certificate
- Leave everything else as default
- Open the new provider you've just created.
- Make a note of the OpenID Configuration Issuer.
Immich Configuration
Immich documentation can be found here: https://immich.app/docs/administration/oauth
- In Immich, navigate to Administration > Settings > OAuth Authentication
- Configure Immich as follows:
- Issuer URL: Populate this field with the
OpenID Configuration Issuer
- Client ID: Enter your Client ID from authentik
- Client Secret: Enter your Client Secret from authentik
- Scope:
openid email profile
- Issuer URL: Populate this field with the