-
Notifications
You must be signed in to change notification settings - Fork 0
Provider Authelia
Kolin edited this page Jun 13, 2026
·
1 revision
- Authelia running and accessible
- A Jellyfin OIDC client configured in Authelia
In your Authelia configuration (configuration.yml), add a new OIDC client:
identity_providers:
oidc:
clients:
- client_id: jellyfin
client_name: Jellyfin
client_secret: '<your-secret-hash>'
public: false
authorization_policy: one_factor
redirect_uris:
- https://<your-jellyfin-domain>/sso/OID/redirect/authelia
scopes:
- openid
- profile
- groups
userinfo_signed_response_alg: none
token_endpoint_auth_method: client_secret_basicGenerate a secret hash with:
authelia crypto hash generate pbkdf2 --variant sha512
| Field | Value |
|---|---|
| Provider Name | authelia |
| OpenID Endpoint | https://<authelia-domain> |
| Client ID | jellyfin |
| Client Secret | your plain-text secret |
| Role Claim | groups |
| Request Additional Scopes | groups |
| Disable Pushed Authorization | Enabled (required) |
Authelia does not support Pushed Authorization Requests (PAR). You must enable Disable Pushed Authorization in the security-sensitive options.
Set Roles to the Authelia group names that are allowed to log in:
jellyfin
Set Admin Roles to groups that should receive admin access:
jellyfin-admins
https://<your-jellyfin-domain>/sso/OID/redirect/authelia
Getting Started
Configuration
Providers
Reference
Development