Skip to main content

Immich

Support level: Community

What is Immich

Immich is a self-hosted backup solution for photos and videos on mobile devices.

-- https://immich.app/

Preparation

The following placeholders will be used:

  • https://immich.company is the URL used to access the Immich instance.
  • authentik.company is the FQDN of the authentik install.

authentik configuration

  1. Create a new OAuth2/OpenID Provider using the following settings:
    • Name: Immich
    • Authentication flow: default-authentication-flow
    • Authorization flow: default-provider-authorization-explicit-consent
    • Client type: Confidential
    • Client ID: Either create your own Client ID or make a note of the auto-populated one
    • Client Secret: Either create your own Client Secret or make a note of the auto-populated one
    • Redirect URIs/Origins (RegEx): Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich.
    • Signing Key: authentik Self-signed Certificate
    • Leave everything else as default
  2. Open the new provider you've just created.
  3. Make a note of the OpenID Configuration Issuer.

Immich Configuration

Immich documentation can be found here: https://immich.app/docs/administration/oauth

  1. In Immich, navigate to Administration > Settings > OAuth Authentication
  2. Configure Immich as follows:
    • Issuer URL: Populate this field with the OpenID Configuration Issuer
    • Client ID: Enter your Client ID from authentik
    • Client Secret: Enter your Client Secret from authentik
    • Scope: openid email profile