Best Self-hosted SSO & Federated Identity (OIDC/SAML) tools in 2026
18 self-hosted open source alternatives in this category
See also:
Certificates, PKI & TLS AutomationIdentity & Access Management (IAM)Network Security (VPN, Firewall, WAF)Secrets, Passwords & VaultsThreat Detection, SIEM & Incident ResponseVulnerability Management, Compliance & Audit18 services found
Keycloak
Open-source identity and access management with SSO
Keycloak is an open-source IAM server providing single sign-on, user federation, and centralized authentication and authorization using OIDC, OAuth 2.0, and SAML.
Authelia
Self-hosted IAM with SSO and multi-factor authentication
Authelia is an open-source IAM and authentication server providing SSO, MFA, and access control for web apps, with OpenID Connect/OAuth 2.0 and reverse-proxy integration.
authentik
Open-source Identity Provider (IdP) for SSO, OIDC, and SAML
Open-source IdP delivering SSO, OAuth2/OIDC, SAML2, LDAP, RADIUS, MFA, WebAuthn, conditional access and application-proxy capabilities for self-hosted deployments.
OAuth2 Proxy
Reverse proxy and middleware for OAuth2/OIDC authentication
OAuth2 Proxy is a reverse proxy and middleware that protects web apps with OAuth2/OIDC login and forwards authenticated user identity to upstream services.
ZITADEL
API-first identity and access management platform for applications
ZITADEL is an open source IAM/CIAM platform providing SSO, MFA, OIDC/OAuth2, SAML, user management, and multi-tenant organizations with audit logging.
Casdoor
UI-first IAM and SSO platform for modern authentication
Casdoor is an open-source, UI-first IAM/SSO platform supporting OAuth 2.0, OIDC, SAML, LDAP, SCIM, WebAuthn and MFA, with an admin web UI and SDKs.
Logto
Authentication and authorization platform for apps and APIs
Open-source authentication and authorization infrastructure with OIDC/OAuth 2.1, SAML SSO, multi-tenancy, MFA, and RBAC for SaaS and AI apps.
Pocket ID
A passkey-only OpenID Connect identity provider
Pocket ID is a simple self-hosted OpenID Connect (OIDC) provider that lets users sign in to apps using passkeys instead of passwords.
MeshCentral
Open-source web-based remote device management and remote desktop server
Self-hosted Node.js server for remote monitoring, web-based remote desktop, terminal, file access and multi-DB device management.
Kanidm
Simple, secure identity management and SSO provider
Kanidm is a secure identity management platform providing SSO, passkeys (WebAuthn), and integrations like OAuth2/OIDC, RADIUS, and LDAP gateway for legacy apps.
Wizarr
User invitation and management system for media servers
Wizarr automates user invitations and onboarding for Plex, Jellyfin, Emby and similar media servers, with SSO, time-limited access, Discord and request-system integration...
VoidAuth
Self-hosted SSO and user management with OpenID Connect and ForwardAuth
VoidAuth is a self-hosted SSO provider with OpenID Connect, ForwardAuth proxy auth, and built-in user and group management plus MFA and passkeys.
Authgear
Identity and authentication platform for apps and APIs
Open-source Auth0/Clerk/Firebase Auth alternative with passkeys, MFA, SSO (OIDC/SAML), user management portal, and extensible auth flows for web and mobile apps.
Melody Auth
OAuth 2.0 and authentication server for Cloudflare Workers or Node.js
Turnkey OAuth 2.0/OIDC authentication system with admin panel, REST APIs, RBAC, MFA, social login, and flexible deployment on Cloudflare Workers or Node.js.
VaulTLS
Web application to generate and manage mTLS certificates.
Self-hosted web app to generate, manage and distribute mTLS client and server certificates with OIDC auth, email alerts and a REST API.
AuthPortal
Self-hosted SSO gateway for Plex, Jellyfin and Emby
Lightweight Go-based authentication gateway that provides unified SSO for Plex, Jellyfin, and Emby users with OIDC, MFA and an admin console. Runs in Docker and stores pr...
Stackspin
Open source collaboration suite with SSO and admin dashboard
Stackspin is an open source platform that bundles common team collaboration apps with single sign-on, centralized user management, backups, and monitoring for admins.
FusionAuth
Self-hosted identity and access management for applications
FusionAuth is a self-hosted authentication and IAM platform supporting OAuth2, OIDC and SAML, with SSO, MFA, user management and developer-focused integrations.