enterprise: account lockdown

[dominic-r]

Overview:

This PR introduces Account Lockdown (enterprise), allows admins to secure user accounts in emergency situations.

Key capabilities:

• Deactivates the user account
• Sets the user's password to a random value
• Terminates all active sessions across devices
• Revokes all tokens (API, OAuth access, refresh tokens)
• Supports bulk lockdown for multiple users (Gergo is gonna love this one)
• Self-service lockdown allowing users to lock their own account

Screenshots:

$TODO

Testing:

Unit tests and manual testing

Motivation:

Internal, Closes: #18160

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	bb961a6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/698b67e9d57ad4000895d9c1
😎 Deploy Preview	https://deploy-preview-18615--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	bb961a6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/698b67e96e3bc20007a1ec56
😎 Deploy Preview	https://deploy-preview-18615--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	bb961a6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/698b67e969c2cb0008ab7d19
😎 Deploy Preview	https://deploy-preview-18615--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 96.32768% with 26 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.27%. Comparing base (233377e) to head (bb961a6).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...hentik/enterprise/stages/account_lockdown/stage.py	86.81%	12 Missing ⚠️
...uthentik/enterprise/stages/account_lockdown/api.py	93.27%	8 Missing ⚠️
authentik/flows/views/executor.py	40.00%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #18615      +/-   ##
==========================================
+ Coverage   93.25%   93.27%   +0.02%     
==========================================
  Files         968      974       +6     
  Lines       53616    54321     +705     
==========================================
+ Hits        49998    50669     +671     
- Misses       3618     3652      +34     

Flag	Coverage Δ
conformance	37.67% <16.24%> (-0.29%)	⬇️
e2e	43.57% <16.94%> (-0.36%)	⬇️
integration	22.93% <15.39%> (+0.21%)	⬆️
unit	91.46% <96.32%> (+0.06%)	⬆️
unit-migrate	91.49% <96.32%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-bb961a6384a03afd816b72bf5f1297ece96906ac
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-bb961a6384a03afd816b72bf5f1297ece96906ac

Afterwards, run the upgrade commands from the latest release notes.

[dewi-tik]

Few minor changes to docs.