explaingit

goauthentik/authentik

📈 Trending21,520PythonAudience · ops devopsComplexity · 4/5ActiveLicenseSetup · hard

TLDR

Self-hosted identity provider that handles login and access control for your apps using OAuth2, OIDC, SAML, LDAP, and RADIUS standards.

Mindmap

mindmap
  root((authentik))
    What it does
      User authentication
      Access control
      Multi-protocol support
    Deployment options
      Docker Compose
      Kubernetes Helm
      AWS CloudFormation
      DigitalOcean Marketplace
    Use cases
      Replace Okta Auth0
      Home lab setup
      Enterprise identity
    Tech stack
      Python
      OAuth2 OIDC
      SAML LDAP
      Docker Kubernetes

Things people build with this

USE CASE 1

Replace commercial identity services like Okta or Auth0 with a self-hosted alternative you control.

USE CASE 2

Add centralized login and access control to multiple internal tools and applications.

USE CASE 3

Set up authentication for a home lab or small business without paying per-user fees.

USE CASE 4

Manage large-scale user access across enterprise applications with SAML, LDAP, or OAuth2 integration.

Tech stack

PythonDockerKubernetesOAuth2OIDCSAMLLDAP

Getting it running

Difficulty · hard Time to first run · 1h+

Requires Docker and database setup; multiple protocol integrations (OAuth2, OIDC, SAML, LDAP) need configuration before functional auth flow.

MIT licensed for open-source use; separate enterprise license available for commercial deployments with advanced features.

In plain English

authentik is an open-source Identity Provider, which means it handles login and authentication for other apps and services. Think of it as the "who are you?" layer that sits in front of your tools, it verifies users and manages who has access to what. It supports widely-used standards like OAuth2, OIDC, SAML, LDAP, and RADIUS, so it can integrate with a broad range of software. The project is designed for self-hosting, meaning you run it on your own infrastructure rather than relying on a third-party service. It scales from small home lab setups to large production environments. Installation is available via Docker Compose for smaller or test deployments, Kubernetes with a Helm chart for larger setups, AWS CloudFormation for Amazon cloud deployments, and a one-click option through the DigitalOcean Marketplace. authentik positions itself as a self-hosted replacement for commercial identity services like Okta, Auth0, Entra ID, and Ping Identity. An enterprise offering is available for organizations that need large-scale identity management. The project is MIT licensed (with a separate enterprise license for enterprise features) and has a translation program via Transifex for multiple languages. It has over 21,000 GitHub stars, indicating wide community adoption.

Copy-paste prompts

Prompt 1
How do I set up authentik with Docker Compose for a small team of 10 users?
Prompt 2
Show me how to integrate authentik as an OAuth2 provider for my web application.
Prompt 3
What's the difference between deploying authentik on Kubernetes vs Docker Compose, and which should I choose?
Prompt 4
How do I migrate users from Auth0 to a self-hosted authentik instance?
Prompt 5
Can I use authentik to add SAML single sign-on to my existing internal tools?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.