Authentik logo

Authentik

Authentik is an open source identity provider with a comprehensive REST API for managing users, groups, flows, providers, sources, policies, and outposts. It supports OAuth2, OIDC, SAML, LDAP, SCIM, and RADIUS protocols with official client SDKs in TypeScript, Python, Go, Rust, Kotlin, and Swift.

1 APIs 7 Features
AuthenticationAuthorizationIdentity ProviderLDAPOAuthOpen SourceOpenID ConnectSAMLSCIMSelf-Hosted

APIs

Authentik REST API

The authentik REST API v3 provides complete management of the authentik identity platform including users, groups, tokens, flows, providers, sources, policies, outposts, events,...

Features

Comprehensive REST API

Full REST API covering all authentik features with built-in Swagger UI at /api/v3/ on every instance.

Multi-Protocol Support

Native support for OAuth2, OIDC, SAML, LDAP, SCIM, RADIUS, and SSTP protocols for broad integration coverage.

Flow Engine

Customizable authentication and enrollment flows with visual flow designer for configuring multi-step authentication processes.

Multi-Language SDKs

Official API client SDKs in TypeScript, Python, Go, Rust, Kotlin, and Swift auto-generated from the OpenAPI schema.

Terraform Provider

Official Terraform provider for infrastructure-as-code management of authentik resources.

Helm Deployment

Official Helm chart for Kubernetes deployment with configurable replicas, persistence, and external database support.

RBAC

Role-based access control for granular permission management across authentik resources and administrative functions.

Use Cases

Self-Hosted Identity Provider

Deploy a complete identity provider on-premises or in private cloud with full data sovereignty.

SSO Gateway

Provide single sign-on for all internal applications using OIDC, SAML, or LDAP protocol support.

B2C Identity

Build customer-facing registration and authentication flows with customizable enrollment and recovery processes.

Zero Trust Access

Implement zero trust application access with forward auth proxy integration and per-application policies.

Integrations

Nginx/Traefik/Caddy

Forward auth integration with major reverse proxies for transparent application authentication.

Kubernetes

Native Kubernetes deployment via Helm chart with optional operator and RBAC integration.

LDAP Directory

LDAP outpost that exposes authentik users to LDAP-compatible applications without a directory server.

Grafana

Native OAuth2 integration with Grafana for unified authentication in monitoring stacks.

Nextcloud

OIDC or SAML integration with Nextcloud for unified login in self-hosted file storage.

Solutions

Self-Hosted IAM

Complete identity and access management platform deployable on any infrastructure with no vendor lock-in.

Application Gateway

Secure and authenticate any application using forward auth with optional MFA and per-user access policies.

Resources

🔗
Website
Website
🔗
Documentation
Documentation
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
📄
ChangeLog
ChangeLog
💬
Support
Support
🔗
Community
Community
💰
Pricing
Pricing