Kanidm

Kanidm is an identity management platform that centralizes users, groups, and authentication for your applications and infrastructure. It focuses on secure defaults, simple operations, and built-in capabilities so services can offload identity and access management to a single provider.

Key Features

• OAuth2/OIDC provider for single sign-on (SSO)
• WebAuthn passkeys support, including attested passkeys for higher assurance
• Application portal for launching and accessing linked applications
• Linux/Unix integration, including offline authentication support
• SSH public key distribution for Unix systems
• RADIUS support for network and VPN authentication
• Read-only LDAPS gateway for legacy LDAP-dependent systems
• Administration via CLI tooling plus Web UI for user self-service
• Two-node high availability using database replication

Use Cases

• Replace fragmented credentials with centralized SSO for internal web apps
• Provide strong phishing-resistant authentication using passkeys
• Manage Unix fleet access with centralized identities and SSH key delivery

Limitations and Considerations

• Administrative workflows are primarily CLI-driven, while the Web UI is focused on end-user self-service

Kanidm is a strong fit when you want a unified identity provider with modern authentication (passkeys) plus practical infrastructure integrations (Unix, SSH, RADIUS). It aims to deliver enterprise-grade capabilities with a streamlined operational model and secure-by-default design.