Authelia

Authelia

Website

Self-hosted IAM with SSO and multi-factor authentication

RepositoryWebsite
26.4kstars
1.3kforks
Last commit: 1d ago
Repo age: 10y old
Authelia screenshot

Authelia is an open-source authentication and authorization server that provides identity and access management (IAM) for web applications. It commonly sits behind a reverse proxy to enforce single sign-on (SSO), multi-factor authentication (MFA), and fine-grained access policies.

Key Features

  • OpenID Connect 1.0 provider (OpenID Certified) with OAuth 2.0 support for SSO integrations
  • Reverse-proxy companion mode to allow, deny, or redirect requests based on authentication state
  • Multiple MFA methods including TOTP and WebAuthn/FIDO2 security keys
  • Granular authorization policies based on users, groups, domains, and resources
  • Brute-force protection and login regulation/lockout controls
  • Password reset flows (including LDAP or internal users) with email validation
  • High availability-oriented design suitable for running multiple instances

Use Cases

  • Protect internal tools and self-hosted apps behind a reverse proxy with SSO and MFA
  • Provide an OIDC identity layer for applications that support OAuth2/OIDC login
  • Enforce access control policies for different user groups across multiple domains

Authelia is a lightweight, security-focused IAM component that can centralize authentication and authorization for many web applications. It is particularly well-suited for homelabs and organizations that want modern SSO and MFA without adopting a full enterprise directory suite.

Categories:

Identity & Access Management (IAM)SSO & Federated Identity (OIDC/SAML)

Tags:

# Authentication# IAM# Authorization# Access Control# 2FA# OIDC# Two-Factor Authentication# Single Sign-On

Tech Stack:

HelmHelmGoGoKubernetesKubernetesOAuth 2.0OAuth 2.0DockerDockerTypeScriptTypeScriptReactReactOpenID Connect (OIDC)OpenID Connect (OIDC)
L
LDAPv3
Share:

Similar Services

PocketBase

PocketBase

Lightweight open-source realtime backend with embedded SQLite

55.3k
3k
Last commit: 1d ago

Open-source Go backend providing embedded SQLite, realtime (SSE) subscriptions, auth (JWT/OAuth2), file storage, admin UI and REST-style APIs for web and mobile apps.

Alternative to:
PocketBase Cloud
PocketBase Cloud+17
Keycloak

Keycloak

Open-source identity and access management with SSO

32.3k
8k
Last commit: 21h ago

Keycloak is an open-source IAM server providing single sign-on, user federation, and centralized authentication and authorization using OIDC, OAuth 2.0, and SAML.

Alternative to:
Okta
Okta+19
Infisical

Infisical

Open-source platform for secrets, PKI certificates, and privileged access

24.5k
1.7k
Last commit: 20h ago

Infisical is an open-source platform to manage and deliver app secrets, certificates (PKI), SSH credentials, and encryption keys across teams and infrastructure.

Alternative to:
HashiCorp Vault
HashiCorp Vault+9
authentik

authentik

Open-source Identity Provider (IdP) for SSO, OIDC, and SAML

19.7k
1.4k
Last commit: 17h ago

Open-source IdP delivering SSO, OAuth2/OIDC, SAML2, LDAP, RADIUS, MFA, WebAuthn, conditional access and application-proxy capabilities for self-hosted deployments.

Alternative to:
Okta
Okta+19
Teleport

Teleport

Identity-aware access proxy for infrastructure and internal apps

19.7k
2k
Last commit: 17h ago

Secure access platform for servers, Kubernetes, databases, desktops, and web apps with SSO/MFA, short-lived certificates, and full session auditing.

Alternative to:
Twingate
Twingate+16
OAuth2 Proxy

OAuth2 Proxy

Reverse proxy and middleware for OAuth2/OIDC authentication

13.6k
2k
Last commit: 21h ago

OAuth2 Proxy is a reverse proxy and middleware that protects web apps with OAuth2/OIDC login and forwards authenticated user identity to upstream services.

Alternative to:
Cloudflare Access
Cloudflare Access+14