Every self-hosted app needs its own login. Gitea login. Portainer login. n8n login. Nextcloud login. Grafana login. That's 5 different passwords for 5 different apps on the same server.
Authentik gives you one login for everything. SSO, LDAP, SAML2, OAuth2 — all the protocols your apps already support. One identity provider, one password, one MFA setup.
What You Get Free
Open-source (custom license, free for self-hosting):
- Single Sign-On (SSO) — one login for all your apps
- OAuth2/OpenID Connect — provider for modern apps
- SAML2 — for enterprise apps
- LDAP — for legacy apps (Gitea, Portainer, etc.)
- MFA — TOTP, WebAuthn/FIDO2, duo
- Social login — Google, GitHub, Discord, etc. as upstream providers
- User management — groups, roles, attributes
- Flows — customizable login/registration/recovery flows
- Branding — custom themes, logos, CSS
- Audit log — track every authentication event
- Proxy provider — add auth to apps that don't support it natively
Quick Start
# Download docker-compose
wget https://goauthentik.io/docker-compose.yml
# Generate secrets
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60)" >> .env
echo "PG_PASS=$(openssl rand -base64 36)" >> .env
# Start
docker compose up -d
# Open http://localhost:9000/if/flow/initial-setup/
What You Can Build
1. Self-hosted SSO — one login for Gitea, Portainer, n8n, Grafana, Nextcloud.
2. Company identity — employee onboarding = one account = access to everything.
3. MFA everywhere — enforce 2FA across all applications from one place.
4. Auth proxy — protect any web app with authentication, even if it has no login page.
5. Customer portal — branded login pages for your SaaS customers.
Authentik vs Keycloak
Keycloak: Java-based, more enterprise features, more complex.
Authentik: Python-based, modern UI, easier to customize, better for homelab/small teams.
Need SSO implementation? Email spinov001@gmail.com
More free tiers: 59+ Free APIs Every Developer Should Bookmark
Top comments (0)