Authentik is a free, open-source identity provider that gives you SSO (Single Sign-On) for all your self-hosted applications.
What Is Authentik?
Authentik is an IdP (Identity Provider) that centralizes authentication across all your apps. One login for everything.
Key features:
- Single Sign-On (SSO) via SAML, OAuth2, OIDC, LDAP
- Multi-factor authentication
- User self-service (registration, password reset)
- Social login (Google, GitHub, etc.)
- Customizable login flows
- Application proxy (protect any app)
- User management dashboard
- Audit logging
- Branding customization
Quick Start
curl -o docker-compose.yml https://goauthentik.io/docker-compose.yml
curl -o .env https://goauthentik.io/.env
# Generate secrets
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60)" >> .env
echo "PG_PASS=$(openssl rand -base64 36)" >> .env
docker compose up -d
Protect Any App
Authentik can add authentication to ANY web app — even those without built-in auth:
- Add app in Authentik
- Configure proxy provider
- Point Traefik/Nginx to use Authentik as auth middleware
- Users must log in through Authentik to access the app
Supported Protocols
- OAuth2/OIDC: Modern apps (Grafana, Gitea, Nextcloud, etc.)
- SAML: Enterprise apps
- LDAP: Legacy apps
- Proxy: Apps without auth support
Customizable Flows
Build custom login flows:
- Email verification required
- MFA enforcement for admin users
- Conditional access based on IP/device
- Custom user registration fields
- Approval workflows
Authentik vs Alternatives
| Feature | Keycloak | Authelia | Authentik |
|---|---|---|---|
| SSO protocols | All | Limited | All |
| Custom flows | Complex | No | Visual builder |
| App proxy | No | Yes | Yes |
| UI | Dated | N/A | Modern |
| Setup | Complex | Simple | Moderate |
| LDAP | Yes | No | Yes |
With 14K+ GitHub stars. One login for all your apps.
Need data from authenticated sites? Check out my tools on Apify. Custom solutions: spinov001@gmail.com
Top comments (0)