# Paperless

## Introduction

This is a guide on integration of __Authelia__ and [Paperless] (specifically Paperless-ngx) via the trusted header SSO
authentication.

As with all guides in this section it's important you read the [introduction](../introduction.md) first.

## Tested Versions

* Authelia:
  * v4.38.7
* Paperless:
  * v2.7.2

## Before You Begin

This example makes the following assumptions:

* __Application Root URL:__ `https://paperless.{{< sitevar name="domain" nojs="example.com" >}}/`
* __Authelia Root URL:__ `https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/`

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

## Configuration

To configure [Paperless] to trust the `Remote-User` header do the following:

1. Configure the environment variables:

```env
PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=HTTP_REMOTE_USER
PAPERLESS_LOGOUT_REDIRECT_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/logout
```

## See Also

- [Paperless Advanced Usage Remote User Authentication Documentation](https://docs.paperless-ngx.com/advanced_usage/#remote-user-authentication)

[Paperless]: https://docs.paperless-ngx.com/