25
Authentik – Self-hosted SSO & Identity Provider (Okta/Auth0 alternative) (sh.itjust.works)
submitted 8 hours ago by Digitalescapetools@sh.itjust.works to c/digitalescapetooks@sh.itjust.works
7 comments fedilink hide all child comments

Authentik is an open-source identity provider you can host yourself.

It lets you use a single login across your self-hosted services, with support for OAuth2, OIDC, SAML, LDAP, and more.

Useful for managing access to apps like Jellyfin, Immich, Nextcloud, Vaultwarden, and other self-hosted tools.

GitHub: https://github.com/goauthentik/authentik

More details: https://digitalescapetools.com/tools/tool.html?id=authentik

More privacy-friendly tools: https://digitalescapetools.com/

top 7 comments
sorted by: hot top controversial new old
[-] assaultpotato@sh.itjust.works 1 points 5 hours ago

Is there a reason why Keycloak isn't used much? I've been loving it for years without issue but I rarely see it discussed.

[-] moonpiedumplings@programming.dev 2 points 3 hours ago

Keycloak only really acts as an OIDC/SAML provider. Whereas Authentik can do OIDC, SAML, LDAP, and more in a single app. It's just extremely rich.

I really like it because it has invites, which are extremely nice if you really want that form of fast onboarding.

[-] nonius@lemmy.zip 1 points 6 hours ago

I've experimented with Authentik and Authelia, but not enough or with adequate sec expertise to feel confident in either of them or other hostable auth applications.

Would anyone mind selling me in a particular direction and explaining why they prefer one service vs. another?

[-] moonpiedumplings@programming.dev 1 points 3 hours ago

Authentik is really feature rich, supporting the most out of any other provider.

The 3 killer features to me from authentik are:

  • OIDC
  • LDAP
  • Invites

Of course there are more. But software that does all 3 of those is rare, and I was frustrated trying to find them.

To play devil's advocate, Authentik is very big and unwieldy in some ways. If you only need OIDC for your family, then maybe pocket id or void auth may be more suitable.

[-] ferngully@lemmy.world 1 points 6 hours ago

I’ve used this for nearly two years and while I still think it’s a great app I grew kinda tired of all the new features being enterprise only. Specifically RADIUS with eap-tls auth for WiFi, and the newer device auth. While the ssh based auth is open source I have a couple of Linux desktops that would require enterprise licensing to authenticate via interactive login. I totally get wanting to make money on your software, for a home lab with even only $5 users, that would be $300/year.

Last week I switched to Kanidm and it’s just as good if not better. And much more lightweight. Built in RADIUS with eap-tls support and a unixd agant for ssh and desktop login. Everything just worked. Even setting up failover replication was a breeze. Highly recommend as an alternative. My only gripe is the web interface is bare bones and pretty ugly. But they do support css overrides and something can be thrown together fairly easily.

[-] moonpiedumplings@programming.dev 1 points 3 hours ago

Specifically RADIUS with eap-tls auth for WiFi

You can run authentik as an LDAP server and then federate a seperate server that supports RADIUS eap-tls as federated to that. So if you are willing to run an additional software that connects to LDAP, you can make it do basically anything.

[-] jodanlime@midwest.social 1 points 8 hours ago

I have been using this for my homelab for about a year. I haven't done anything too advanced, but I would say I'm a fan.

this post was submitted on 10 Jun 2026
25 points (100.0% liked)

digitalescapetools

112 readers
33 users here now

A hub for discovering and sharing privacy-respecting, open-source, and self-hosted digital tools that improve productivity, creativity, and digital independence.

founded 1 month ago
MODERATORS
Digitalescapetools@sh.itjust.works