Immich
What is Immich
Immich is a self-hosted backup solution for photos and videos on mobile devices.
Preparation
The following placeholders will be used:
https://immich.company
is the URL used to access the Immich instance.authentik.company
is the FQDN of the authentik install.
authentik configuration
- Create a new OAuth2/OpenID Provider under Applications > Providers using the following settings:
- Name: Immich
- Authentication flow: default-authentication-flow
- Authorization flow: default-provider-authorization-explicit-consent
- Client type: Confidential
- Client ID: Either create your own Client ID or use the auto-populated ID
- Client Secret: Either create your own Client Secret or use the auto-populated secret
note
Take note of the
Client ID
andClient Secret
as they are required when configuring Immich. - Redirect URIs/Origins (RegEx):
note
Please note that the following URIs are just examples. Be sure to include all of the domains / URLs that you will use to access Immich.
- app.immich:///oauth-callback
- https://immich.company/auth/login
- https://immich.company/user-settings
- Signing Key: authentik Self-signed Certificate
- Leave everything else as default
- Open the new provider you've just created.
- Make a note of the OpenID Configuration Issuer.
Immich configuration
Immich documentation can be found here: https://immich.app/docs/administration/oauth
- In Immich, navigate to Administration > Settings > OAuth Authentication
- Configure Immich as follows:
- Issuer URL: Populate this field with the
OpenID Configuration Issuer
- Client ID: Enter your Client ID from authentik
- Client Secret: Enter your Client Secret from authentik
- Scope:
openid email profile
- Issuer URL: Populate this field with the