website/docs: release notes for 2026.2.0

[gergosimonyi]

No description provided.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	d46ff2d
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/698b75a80f61820008b3e663
😎 Deploy Preview	https://deploy-preview-20013--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	d46ff2d
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/698b75a80f61820008b3e661
😎 Deploy Preview	https://deploy-preview-20013--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.34%. Comparing base (2f2488b) to head (d46ff2d).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #20013   +/-   ##
=======================================
  Coverage   93.33%   93.34%           
=======================================
  Files         978      978           
  Lines       54543    54543           
=======================================
+ Hits        50908    50913    +5     
+ Misses       3635     3630    -5     

Flag	Coverage Δ
conformance	37.75% <ø> (+<0.01%)	⬆️
e2e	43.62% <ø> (+<0.01%)	⬆️
integration	22.57% <ø> (+<0.01%)	⬆️
unit	91.53% <ø> (+0.01%)	⬆️
unit-migrate	91.56% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-d46ff2db23ae491511e21b95e80e34ae2c5fbe0a
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-d46ff2db23ae491511e21b95e80e34ae2c5fbe0a

Afterwards, run the upgrade commands from the latest release notes.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	86f0673
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/698b74e6687a05000888a0ab
😎 Deploy Preview	https://deploy-preview-20013--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[dewi-tik]

Suggested change

	Local Device Login now works on Linux too and also supports webauthn/FIDO2.
	[Local Device Login](../../endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md) now works on Linux too and also supports webauthn/FIDO2.

[dewi-tik]

Suggested change

	Endpoints now has a FleetDM connector integration. You can now pull in device facts and signals data from Fleet into authentik to implement Conditional Access rules.
	TODO: Link docs currently being written by @dewi-tik
	Endpoints now has a [Fleet connector](../../endpoint-devices/device-compliance/connectors/fleetdm.md) integration. You can now pull device facts and signals data from [Fleet](https://fleetdm.com/) into authentik to implement Conditional Access rules.

[PeshekDotDev]

Suggested change

	### SAML Provider
	The SAML provider's metadata parser now supports importing Single Logout Service endpoints and encryption certificates. Also, encryption certificates without private keys are now accepted, and the structure of encrypted SAML assertions has been corrected. The signing order for encrypted SAML responses has been fixed, and signature algorithm options are now automatically pulled from the selected signing certificate. The SP ACS binding field has been lowered in the form and will soon be sunset, as defaulting to POST should work in every case.
	### SAML Source
	SAML sources now correctly handle transient usernames longer than 150 characters by truncating them. AuthnRequest signatures are no longer incorrectly embedded in the request body when using the redirect binding. The signature verification order has been fixed to properly accommodate encrypted assertions, and InvalidSignature exceptions are now properly caught. Status message handling has also been improved for better error reporting.

[devil1234]

Should be Python ?

[dewi-tik]

It's version 3.14 of python

[devil1234]

I was meaning is written as πthon not Python

[devil1234]

I was meaning is written as πthon not Python

[dominic-r]

π = 3.14159...

it's meant as a joke