diff --git a/modules/server/containers/apps/authentik.nix b/modules/server/containers/apps/authentik.nix index cb61013..acd8c54 100644 --- a/modules/server/containers/apps/authentik.nix +++ b/modules/server/containers/apps/authentik.nix @@ -2,11 +2,23 @@ let version = "2026.2.2"; serverCfg = config.syscfg.server; + mediaCfg = config.syscfg.media; + authentikBackground = if mediaCfg.banner.png != null then mediaCfg.banner.png else mediaCfg.bg; + logoSvgFileName = builtins.baseNameOf (toString mediaCfg.logo.svg); + logoIcoFileName = builtins.baseNameOf (toString mediaCfg.logo.ico); + backgroundFileName = builtins.baseNameOf (toString authentikBackground); + logoSvgMount = "/media/custom/${logoSvgFileName}"; + logoIcoMount = "/media/custom/${logoIcoFileName}"; + backgroundMount = "/media/custom/${backgroundFileName}"; authentikData = builder.mkData { name = "authentik"; dir = "authentik"; vars = { AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.domain}"; COOKIE_DOMAIN = "${serverCfg.domain}"; AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.domain)); + AUTHENTIK_BRANDING_TITLE = if containerCfg.extra ? name then containerCfg.extra.name else "authentik"; + AUTHENTIK_BRANDING_LOGO = "custom/${logoSvgFileName}"; + AUTHENTIK_BRANDING_FAVICON = "custom/${logoIcoFileName}"; + AUTHENTIK_BRANDING_BACKGROUND = "custom/${backgroundFileName}"; } // (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.domain}";} else {}) // (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.domain}";} else {}) 
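Review bot: `mediaCfg.logo.svg` and `mediaCfg.logo.ico` are used without the null fallback that `authentikBackground` gets for `banner.png`. If those options can be unset (their declarations are outside this diff), `toString null` yields an empty string, so the blueprint variables become a bare `custom/`, while the `"${mediaCfg.logo.svg}"` volume entries in the later hunks abort evaluation with a string-coercion error. A guard such as `assert mediaCfg.logo.svg != null && mediaCfg.logo.ico != null;` in front of one of the bindings, or an entry in the module's `assertions`, would give a readable failure instead. I would also add a comment above the new bindings, e.g. `# base names feed both the /media/custom/* mount targets and the AUTHENTIK_BRANDING_* values; keep them in sync`. The `authentikData` binding continues past the end of this hunk.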
@@ -60,6 +72,9 @@ in { "${serverCfg.path.config}/authentik/media:/media" "${serverCfg.path.config}/authentik/templates:/templates" "${authentikData}:/blueprints/custom:ro" + "${mediaCfg.logo.svg}:${logoSvgMount}:ro" + "${mediaCfg.logo.ico}:${logoIcoMount}:ro" + "${authentikBackground}:${backgroundMount}:ro" ]; }; }; @@ -82,6 +97,9 @@ in { "${serverCfg.path.config}/authentik/media:/media" "${serverCfg.path.config}/authentik/templates:/templates" "${authentikData}:/blueprints/custom:ro" + "${mediaCfg.logo.svg}:${logoSvgMount}:ro" + "${mediaCfg.logo.ico}:${logoIcoMount}:ro" + "${authentikBackground}:${backgroundMount}:ro" ]; }; }; @@ -103,6 +121,7 @@ in { AK="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.domain} -u root authentik-worker ak" $AK apply_blueprint /blueprints/custom/authentik.yaml + $AK apply_blueprint /blueprints/custom/branding.yaml $AK apply_blueprint /blueprints/custom/traefik.yaml $AK apply_blueprint /blueprints/custom/ldap.yaml
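Review bot: The three `:ro` file mounts target `/media/custom/...`, which is nested inside the writable `${serverCfg.path.config}/authentik/media:/media` bind mount listed just above them. The container runtime typically has to create the `custom/` directory and placeholder files in that host directory as mount points, and any file of the same name already in the host `media/custom` directory is shadowed; a comment saying this is intended would help. The same three entries are repeated verbatim in the `@@ -82,6 +97,9 @@` hunk, so the two lists can drift apart. A shared binding such as `brandingVolumes = [ "${mediaCfg.logo.svg}:${logoSvgMount}:ro" "${mediaCfg.logo.ico}:${logoIcoMount}:ro" "${authentikBackground}:${backgroundMount}:ro" ];`, appended with `++ brandingVolumes` in both places, would keep them identical. Both volume lists begin outside their hunks.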