diff --git a/components/frontend.nix b/components/frontend.nix
index 49e4949..ccbfa20 100644
--- a/components/frontend.nix
+++ b/components/frontend.nix
@@ -12,6 +12,9 @@ buildNapalmPackage "${authentik-src}/web" rec {
     ln -sv ${authentikComponents.docs} ../website
     ln -sv ${authentik-src}/package.json ../
   '';
+  # upstream does not clearly separate development dependencies
+  # from release build dependencies, therefore this workaround
+  CHROMEDRIVER_SKIP_DOWNLOAD = "true";
   npmCommands = [
     "npm install --include=dev --nodedir=${nodejs}/include/node --loglevel verbose"
     "npm run build"
diff --git a/components/gopkgs.nix b/components/gopkgs.nix
index 6149028..b8f1083 100644
--- a/components/gopkgs.nix
+++ b/components/gopkgs.nix
@@ -41,7 +41,7 @@ buildGo123Module {
     "cmd/proxy"
     "cmd/radius"
   ];
-  vendorHash = "sha256-xaVEyG5fNGh/zmXkewve5V2q2W7u+hqo27GqabAV9H0=";
+  vendorHash = "sha256-x5y+3s4PkiE5HieXOHNaMPPvSwhh8gJ73JkfQps1/nU=";
   nativeBuildInputs = [ makeWrapper ];
   doCheck = false;
   postInstall = ''
diff --git a/flake.lock b/flake.lock
index 1dcc925..00682a7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -3,16 +3,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1730315123,
-        "narHash": "sha256-UYOdBlkGeIGCG/pCGLANWv1bKTdBEUp6jTiLG7BpY7E=",
+        "lastModified": 1730324748,
+        "narHash": "sha256-nhQl16FBK5eFSvBnwyDzmSQnJsIigRQpOxYtPlDPBxk=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "e8b5e4c1272151f4a3666e53754f7deefb8e2fb3",
+        "rev": "6ce33ab912d764a87ec75876febcd57a6355f3c8",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2024.8.4",
+        "ref": "version/2024.10.0",
         "repo": "authentik",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 9086c6f..9fe05b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,7 +32,7 @@
       };
     };
     authentik-src = { # change version string in outputs as well when updating
-      url = "github:goauthentik/authentik/version/2024.8.4";
+      url = "github:goauthentik/authentik/version/2024.10.0";
       flake = false;
     };
   };
@@ -51,7 +51,7 @@
     { inherit inputs; }
     ({ inputs, lib, withSystem, ... }:
     let
-      authentik-version = "2024.8.4"; # to pass to the drvs of some components
+      authentik-version = "2024.10.0"; # to pass to the drvs of some components
     in {
       systems = import inputs.systems;
       flake = { self, ... }: {
diff --git a/poetry2nix-python-overrides.nix b/poetry2nix-python-overrides.nix
index 3cc63d5..f51f6bd 100644
--- a/poetry2nix-python-overrides.nix
+++ b/poetry2nix-python-overrides.nix
@@ -109,10 +109,32 @@ pkgs:
         '';
       });
      msgraph-sdk = prev.msgraph-sdk.overrideAttrs (oA: {
-        nativeBuildInputs = oA.nativeBuildInputs ++ [
-          final.flit-core
-        ];
-      });
+       nativeBuildInputs = oA.nativeBuildInputs ++ [
+         final.flit-core
+       ];
+     });
+     python-kadmin = prev.python-kadmin.overrideAttrs (oA: {
+       nativeBuildInputs = oA.nativeBuildInputs ++ [
+         final.setuptools
+         final.poetry-core
+       ];
+       buildInputs = oA.buildInputs ++ [
+         pkgs.krb5
+       ];
+       pythonImportsCheck = [ "kadmin" ];
+     });
+     gssapi = prev.gssapi.overrideAttrs (oA: {
+       nativeBuildInputs = oA.nativeBuildInputs ++ [
+         final.setuptools
+         final.cython
+         pkgs.krb5 # needs krb5-config
+       ];
+       postPatch = ''
+         substituteInPlace setup.py \
+           --replace-fail 'get_output(f"{kc} gssapi --prefix")' '"${pkgs.krb5.dev}"'
+       '';
+       pythonImportsCheck = [ "gssapi" ];
+     });
     }
   )
 ]