# Organizr LDAP Setup (Authentik)
Support level: Community ## What is organizr[​](https://goauthentik.io/integrations/services/organizr/#what-is-organizr "Direct link to What is organizr") > Organizr allows you to setup "Tabs" that will be loaded all in one webpage. > > \-- [https://github.com/causefx/Organizr](https://github.com/causefx/Organizr) This integration leverages authentik's LDAP for the identity provider to achieve an SSO experience. See [ldap provider generic setup](https://goauthentik.io/docs/providers/ldap/generic_setup) for setting up the LDAP provider. ## Preparation[​](https://goauthentik.io/integrations/services/organizr/#preparation "Direct link to Preparation") The following placeholders will be used: - `organizr.company` is the FQDN of the Service install. - `authentik.company` is the FQDN of the authentik install. Create a new user account *(or reuse an existing)* for organizr to use for LDAP bind under *Directory* -> *Users* -> *Create*, in this example called `ldapservice`. Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`

*Optionally*, create a new group like `organizr users` to scope access to the organizr application.

## Authentik Configuration[​](https://goauthentik.io/integrations/services/organizr/#authentik-configuration "Direct link to authentik Configuration") 1. Create a new Proxy Provider for `https://organizr.company` ![](https://goauthentik.io/assets/images/organizr1-b1ef217babbce02ddddc22a8c32ebda6.png) *Optionally*, add the regular expression to allow api calls in the advanced protocol settings. ![](https://goauthentik.io/assets/images/organizr2-d280f1ddb23fa548df44ed29c4bc1d39.png) 2. Create a new Application for the `https://organizr.company` Provider. ![](https://goauthentik.io/assets/images/organizr3-9421eebe818e0fd54c3b0f66f8ebaed3.png)

TIP *Optionally*, bind the group to control access to the organizr to the application.

3.

![](https://goauthentik.io/assets/images/organizr4-3a2635f55a9df6ce3e587af7fd6c218e.png)

![](https://goauthentik.io/assets/images/organizr5-b8a1743daff42f30b84ab3b051e916d9.png) ::: 3. Add the Application to the authentik Embedded Outpost. ## organizr Configuration[​](https://goauthentik.io/integrations/services/organizr/#organizr-configuration "Direct link to organizr Configuration")

CAUTION Ensure any local usernames/email addresses in organizr do not conflict with usernames/email addresses in authentik.

1. Enable Auth Proxy in organizr *system settings* -> *main* -> *Auth Proxy* Auth Proxy Header Name: `X-authentik-username` Auth Proxy Whitelist: *your network subnet in CIDR notation IE* `10.0.0.0/8` Auth Proxy Header Name for Email: `X-authentik-email` Logout URL: `/outpost.goauthentik.io/sign_out` ![](https://goauthentik.io/assets/images/organizr6-a4fb29e0896bfe7f64c88cb1c9546c22.png) 2. Setup Authentication in organizr *system settings* -> *main* -> *Authentication* Authentication Type: `Organizr DB + Backend` Authentication Backend: `Ldap` Host Address: `` Host Base DN: `dc=ldap,dc=goauthentik,dc=io` Account Prefix: `cn=` Account Suffix: `,ou=users,dc=ldap,dc=goauthentik,dc=io` Bind Username: `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io` Bind Password: `` LDAP Backend Type: `OpenLDAP` ![](https://goauthentik.io/assets/images/organizr7-a95d978bd21069853ff57f4510e5e982.png)

INFO Access for authentik users is managed locally within organizr under *User Management*. By default, new users are assigned the `User` group.

`TIP` Consider front-ending your application with a [forward auth provider](https://goauthentik.io/docs/providers/proxy/forward_auth) for an SSO experience.