ansible/docs/guides/listmonk-authentik-oidc.md

Listmonk ↔ Authentik OIDC

Status: Live at https://listmonk.levkin.ca (LXC 221, 10.0.10.148).

Requires listmonk v5+ (OIDC). Upgraded from v2.4.0 → v6.1.0 on 2026-05-24.

Authentik

Item	Value
Application slug	listmonk
Provider name	listmonk-oidc
Client ID	listmonk
Redirect URI (strict)	https://listmonk.levkin.ca/auth/oidc
Subject mode	user_username
Signing key	authentik Self-signed Certificate
Access group	homelab-users (app binding)

Client secret: vault_listmonk_oidc_client_secret in Ansible vault (rotate if exposed).

Listmonk

Configured via Settings → Security → OIDC (stored in DB):

• Provider URL: https://auth.levkin.ca/application/o/listmonk/
• Auto-create users: enabled (Super Admin role id 1 for new SSO users)

Break-glass: local user listmonk (password login still enabled).

Login

1. Sign out: https://auth.levkin.ca/if/user/logout/
2. https://listmonk.levkin.ca/admin → Login with Authentik
3. Sign in as ilia (must be in homelab-users)

Upgrade (if needed)

ssh root@10.0.10.148
systemctl stop listmonk
curl -fsSL -o /tmp/lm.tgz https://github.com/knadh/listmonk/releases/download/v6.1.0/listmonk_6.1.0_linux_amd64.tar.gz
tar -xzf /tmp/lm.tgz -C /tmp && mv /tmp/listmonk /root/listmonk
/root/listmonk --config /etc/listmonk/config.toml --upgrade --yes
systemctl start listmonk

Related

• sso-selfhosted-matrix.md
• Listmonk OIDC docs