this post was submitted on 10 Jun 2026

Authentik is an open-source identity provider you can host yourself.

It lets you use a single login across your self-hosted services, with support for OAuth2, OIDC, SAML, LDAP, and more.

Useful for managing access to apps like Jellyfin, Immich, Nextcloud, Vaultwarden, and other self-hosted tools.

GitHub: https://github.com/goauthentik/authentik

More details: https://digitalescapetools.com/tools/tool.html?id=authentik

More privacy-friendly tools: https://digitalescapetools.com/

top 12 comments
[–] ferngully@lemmy.world 3 points 5 days ago (1 children)

I’ve used this for nearly two years and while I still think it’s a great app I grew kinda tired of all the new features being enterprise only. Specifically RADIUS with eap-tls auth for WiFi, and the newer device auth. While the ssh based auth is open source I have a couple of Linux desktops that would require enterprise licensing to authenticate via interactive login. I totally get wanting to make money on your software, for a home lab with even only $5 users, that would be $300/year.

Last week I switched to Kanidm and it’s just as good if not better. And much more lightweight. Built in RADIUS with eap-tls support and a unixd agent for ssh and desktop login. Everything just worked. Even setting up failover replication was a breeze. Highly recommend as an alternative. My only gripe is the web interface is bare bones and pretty ugly. But they do support css overrides and something can be thrown together fairly easily.

[–] moonpiedumplings@programming.dev 1 points 5 days ago (1 children)

> Specifically RADIUS with eap-tls auth for WiFi

You can run authentik as an LDAP server and then federate a separate server that supports RADIUS eap-tls as federated to that. So if you are willing to run an additional software that connects to LDAP, you can make it do basically anything.

[–] corsicanguppy@lemmy.ca -1 points 4 days ago

> an additional software that

'Software' isn't a countable, and doesn't attract an article like 'an'.

[–] assaultpotato@sh.itjust.works 2 points 5 days ago (1 children)

Is there a reason why Keycloak isn't used much? I've been loving it for years without issue but I rarely see it discussed.

[–] moonpiedumplings@programming.dev 1 points 5 days ago (2 children)

Keycloak only really acts as an OIDC/SAML provider. Whereas Authentik can do OIDC, SAML, LDAP, and more in a single app. It's just extremely rich.

I really like it because it has invites, which are extremely nice if you really want that form of fast onboarding.

[–] assaultpotato@sh.itjust.works 1 points 4 days ago

Perhaps I should take a look then, although I'll admit all my SSO stuff is over OIDC.

[–] fibojoly@sh.itjust.works 0 points 4 days ago (1 children)

I'm not sure what you mean about LDAP. KC can absolutely interface with LDAP.

[–] moonpiedumplings@programming.dev 1 points 4 days ago* (last edited 4 days ago)

It can interface with ldap, but it cannot act as an ldap provider.

[–] jodanlime@midwest.social 2 points 5 days ago (1 children)

I have been using this for my homelab for about a year. I haven't done anything too advanced, but I would say I'm a fan.

[–] derpgon@programming.dev 1 points 4 days ago

Been using it for our whole company of about 25 people max at one moment, it really is great, especially the group based authorization where I differentiate between people who have access to all apps versus those who just need one (like externists from other companies so they can view tickets in our OpenProject).

[–] nonius@lemmy.zip 1 points 5 days ago (1 children)

I've experimented with Authentik and Authelia, but not enough or with adequate sec expertise to feel confident in either of them or other hostable auth applications.

Would anyone mind selling me in a particular direction and explaining why they prefer one service vs. another?

Authentik is really feature rich, supporting the most out of any other provider.

The 3 killer features to me from authentik are:

  • OIDC
  • LDAP
  • Invites

Of course there are more. But software that does all 3 of those is rare, and I was frustrated trying to find them.

To play devil's advocate, Authentik is very big and unwieldy in some ways. If you only need OIDC for your family, then maybe pocket id or void auth may be more suitable.