2024-09-14, 10:26 AM
(This post was last modified: 2024-09-14, 11:35 AM by mayday3693. Edited 1 time in total.)
I have setup my Jellyfin to authenticate with my Authentik server using the SSO-plugin. Everything in terms of user authentication and settings roles based on Authentik user groups is working great, but now I am wondering about the local Jellyfin account that authenticates with password and username straight to Jellyfin.
Simple solution would be to disable this account altogether, but this leaves me stuck in case of Authentik goes down. Is there a way to disable and enable accounts through config-files through ssh? I will always have connection to the server itself in case of trouble and this would allow me to have a break-glass-account that would normally be disabled.
Other option would be to limit said accounts login based on IP and only allow login from LAN-networks. This however seems like a lot of work and Jellyfin currently doesn't seem to offer any tools for this. Thus it's only a second option.
Any ideas on how this should be managed? The main goal is to have Jellyfin behind MFA everywhere outside of LAN.
Simple solution would be to disable this account altogether, but this leaves me stuck in case of Authentik goes down. Is there a way to disable and enable accounts through config-files through ssh? I will always have connection to the server itself in case of trouble and this would allow me to have a break-glass-account that would normally be disabled.
Other option would be to limit said accounts login based on IP and only allow login from LAN-networks. This however seems like a lot of work and Jellyfin currently doesn't seem to offer any tools for this. Thus it's only a second option.
Any ideas on how this should be managed? The main goal is to have Jellyfin behind MFA everywhere outside of LAN.