Authentik App Token
Service Name: Authentik
Service Description: Authentik is an open-source Identity Provider focused on flexibility and versatility. It provides authentication, authorization, and user management capabilities with support for various authentication methods and protocols like SAML, OAuth, and LDAP.
Service Address: https://goauthentik.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the application policy level within Authentik.
Secret Access Scope: Grants programmatic access to Authentik's API, allowing management of users, applications, flows, and other identity resources.
Secret Revokement URL: https://goauthentik.io/docs/users/tokens
Secret Example: ak_1234abcd5678efgh9012ijkl3456mnop7890qrst
Suspicious Activity Investigation Instructions:
- Review Authentik audit logs for unusual API calls or access patterns
- Check for unauthorized user creation, modification, or deletion events
- Monitor for changes to authentication flows or policies
- Investigate any unexpected application integrations or permission changes
- Review IP addresses and locations that have used the token
Mitigation Instructions:
- Log in to your Authentik admin dashboard
- Navigate to the Users section
-
Select the user associated with the compromised token
-
Go to the "Tokens" tab
- Locate the compromised token and click "Revoke"
- Consider implementing shorter token expiration times
- Review and update access policies as needed
- Enable additional security features like IP restrictions or MFA for administrative
access