Skip to main content


Support level: Community

What is Portainer

Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.



This is based on authentik 2021.7.3 and Portainer 2.6.x-CE. Portainer 2.6 supports OAuth without additional licenses, 1.x Series requires a paid license for OAuth.


The following placeholders will be used:

  • is the FQDN of Portainer.
  • is the FQDN of authentik.

Step 1 - authentik

In authentik, under Providers, create an OAuth2/OpenID Provider with these settings:


Only settings that have been modified from default have been listed.

Protocol Settings

  • Name: Portainer
  • Client ID: Copy and Save this for Later
  • Client Secret: Copy and Save this for later
  • Redirect URIs/Origins:

Step 2 - Portainer

In Portainer, under Settings, Authentication, Select OAuth and Custom

  • Client ID: Client ID from step 1
  • Client Secret: Client Secret from step 1
  • Authorization URL:
  • Access Token URL:
  • Redirect URL:
  • Resource URL:
  • Logout URL:
  • User Identifier: preferred_username (Or email if you want to use email addresses as identifiers)
  • Scopes: email openid profile

Portainer by default shows commas between each item in the Scopes field. Do NOT use commas. Use a space

Step 3 - authentik

In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings.