+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: SOLVED: Jellyfin, Authentik and admin-accounts (/t-solved-jellyfin-authentik-and-admin-accounts)
Jellyfin, Authentik and admin-accounts - mayday3693 - 2024-09-14
I have setup my Jellyfin to authenticate with my Authentik server using the SSO-plugin. Everything in terms of user authentication and settings roles based on Authentik user groups is working great, but now I am wondering about the local Jellyfin account that authenticates with password and username straight to Jellyfin.
Simple solution would be to disable this account altogether, but this leaves me stuck in case of Authentik goes down. Is there a way to disable and enable accounts through config-files through ssh? I will always have connection to the server itself in case of trouble and this would allow me to have a break-glass-account that would normally be disabled.
Other option would be to limit said accounts login based on IP and only allow login from LAN-networks. This however seems like a lot of work and Jellyfin currently doesn't seem to offer any tools for this. Thus it's only a second option.
Any ideas on how this should be managed? The main goal is to have Jellyfin behind MFA everywhere outside of LAN.
RE: Jellyfin, Authentik and admin-accounts - mayday3693 - 2024-09-14
Just to reply to myself... I'm an idiot. There is this "Allow remote connections to this server" setting on the user page, literally the first setting.
This is solved now. Just unchecked that and now I have a local admin account without Authentik in case my Authentik server goes down.
RE: Jellyfin, Authentik and admin-accounts - unmesh59 - 2024-09-21
@mayday3693
I've been using Jellyfin over the LAN only and would love to be able to use it over the WAN with MFA like you've done.
Were you able to find detailed instructions somewhere or did you have to piece the solution together? And does this work
with Jellyfin clients like Roku that don't have a web browser?
Thanks