Skip to main content

Agent CLI commands

The following commands are available when interacting with the authentik Agent via the command line.

Flags

Most of the CLI commands have a -v/--verbose flag for verbose output. Use the -h/--help flag to access help information.

authentik-cli commands

auth

Commands for authenticating with different CLI applications.

ak auth <command>
  • aws - Authenticate to AWS with the authentik profile.
  • kubectl - Authenticate to a Kubernetes Cluster with the authentik profile.
  • raw - Authenticate to arbitrary API calls.
  • vault - Generate a JWT for authenticating to HashiCorp Vault.

completion

Generate the autocompletion script for the specified shell.

ak completion <command>
  • bash - Generate the autocompletion script for bash.
  • fish - Generate the autocompletion script for fish.
  • powershell - Generate the autocompletion script for PowerShell.
  • zsh - Generate the autocompletion script for zsh.

config

Configure authentik CLI

ak config <command>
  • list-profiles - List profiles that are enabled on the device. Each profile is associated with a separate authentik deployment.
  • setup - Configure authentik CLI.

help

Output help information about any command.

ak help <command>

Where <command> is any authentik CLI command you want help with, for example: ak help ssh

ssh

Establish an SSH connection with the target endpoint device.

ak ssh <hostname>

system

Commands for interacting with authentik sessions.

ak system <command>
  • status - Status about the current session.

whoami

Check user account details for a given profile.

ak whoami

authentik-sysd commands

agent

Used to run the authentik system agent

ak-sysd agent

-d for debug --disable-component to disable a component, can be used multiple times.

Components:

  • agent_starter: Responsible for starting the authentik user agent
  • auth: Authentication components for interactive and token-based authentication
  • ctrl: Provides a control socket for the CLI to join domains, etc
  • device: Handles device compliance checkins and validations
  • directory: Provides directory services on linux system
  • ping: Provides a ping service for healthchecking
  • session: Handles sessions created with local device authentication/SSH

completion

Generate the autocompletion script for the specified shell.

ak-sysd completion <command>
  • bash - Generate the autocompletion script for bash.
  • fish - Generate the autocompletion script for fish.
  • powershell - Generate the autocompletion script for powershell.
  • zsh - Generate the autocompletion script for zsh.

domains

ak-sysd domains <command>
  • join - Join an authentik domain, for example ak-sysd domains join <name_for_authentik_domain> -a <authentik_URL>

help

ak-sysd help <command>

Where <command> is any authentik CLI command you want help with, for example: ak-sysd help domains

troubleshoot

ak-sysd troubleshoot <command>
  • check - Check status of authentik agent components. Useful on Linux as there are various components being used.
  • inspect - Outputs the state database that the agent has.
  • facts - Outputs device facts. These are the facts that are sent to authentik for device reporting.