Authentik

App in the BluixApps catalog

What it is

Authentik is a modern open-source identity provider covering SSO, MFA, OAuth2, SAML, LDAP, OpenID Connect and RADIUS. It is Python/Django-based, with a beautiful admin UI and policy-based authentication flows, and is a direct competitor to Keycloak with a more modern UX.

For mid-size orgs wanting Keycloak's enterprise IdP capability with a friendlier UI, Authentik is the modern alternative.

What it's for

  • Single sign-on (SSO) — one IdP for all enterprise apps
  • OAuth2 / OIDC provider — issue tokens for any app
  • SAML provider — legacy enterprise app SSO
  • LDAP outpost — bridge to legacy LDAP-only apps
  • MFA enforcement — TOTP, WebAuthn, mobile push

Who it's for

  • Enterprise IT unifying employee SSO across apps
  • SaaS platforms providing customer SSO via OIDC
  • Privacy-bound orgs keeping IdP on-prem
  • Multi-tenant SaaS providing tenant SSO
  • Tech-forward IT teams preferring modern UX

Why teams pick Authentik over alternatives

  • MIT license — fully open
  • Modern UX — beautiful admin UI vs Keycloak's dated one
  • Policy-based flows — visual authentication flow builder
  • Multi-protocol — OIDC, SAML, LDAP, RADIUS in one
  • Active development — backed by Authentik Security
  • Outposts pattern — extend to bridges (LDAP, RADIUS, etc.)

Integrations

  • Apps via OIDC — every modern app with OAuth support
  • Apps via SAML — Salesforce, AWS, legacy enterprise
  • LDAP bridge — outpost provides LDAP for legacy apps
  • RADIUS bridge — for VPN / WiFi authentication
  • Identity sources — local + LDAP + OIDC + SAML federation
  • MFA — TOTP, WebAuthn (FIDO2), email code, mobile push
  • Notification — email + webhook

Notable users & community

  • 13k+ GitHub stars
  • Used by SaaS companies + enterprises worldwide
  • Backed by Authentik Security with commercial enterprise
  • Active Discord community
  • Featured in IdP comparisons

Tips & operations

  • Postgres + Redis required
  • Policy flows are complex — visual but powerful; document yours
  • Backup is critical — IdP loss = everyone locked out
  • Outpost containers — separate containers for LDAP / RADIUS bridges
  • Health checks — monitor IdP uptime; outage = mass lockout
  • Tenant isolation — multi-tenant requires careful setup

What we ship in BluixApps

  • Docker compose: Authentik server + worker + Postgres + Redis
  • Pinned ghcr.io/goauthentik/server:2024.10 (release-tagged)
  • HTTPS via Let's Encrypt
  • Admin user via env config (admin@authentik / random)
  • Persistent volumes for Postgres + Redis + media
  • SMTP placeholder for notifications
  • Backup hook covers Postgres (users + apps + policies)

Get this app — pick a BluixApps plan

Same catalog. Scaling tenant isolation, white-label and support tier.

Tier        Tenants    Catalog            Support          White-label  Monthly
Stacks      1          19 curated stacks  Standard                      $19/mo
Starter     10         Full catalog       Standard         +$15–25/mo   $49/mo
Pro         25         Full catalog       Priority bugfix  +$15–25/mo   $149/mo
Growth      100        Full catalog       Priority bugfix  +$15–25/mo   $349/mo
Scale       500        Full catalog       7-day window     +$15–25/mo   $799/mo
Enterprise  Unlimited  Full catalog       Priority 7-day   Bundled      $1,499/mo
