diff --git a/ansible/authentik.yaml b/ansible/authentik.yaml
index 9511de5..1da14d0 100644
--- a/ansible/authentik.yaml
+++ b/ansible/authentik.yaml
@@ -4,3 +4,4 @@
   roles:
     - common
     - lego
+    - authentik
diff --git a/ansible/roles/authentik/tasks/main.yaml b/ansible/roles/authentik/tasks/main.yaml
new file mode 100644
index 0000000..4386269
--- /dev/null
+++ b/ansible/roles/authentik/tasks/main.yaml
@@ -0,0 +1,8 @@
+- name: Permit traffic in default zone on port 8443/tcp
+  ansible.posix.firewalld:
+    port: 8443/tcp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+