
Amazon Cognito
Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Authentication and authorization server with SSO and 2FA
Open-source authentication and authorization server providing two-factor authentication and single sign-on for applications via a web portal, acting as a companion for reverse proxies.

Authelia is an authentication and authorization server that adds two-factor authentication and single sign-on capabilities to your applications through a web portal. It works as a companion to reverse proxies like nginx, Traefik, Caddy, Envoy, and HAProxy, allowing, denying, or redirecting requests based on fine-grained access control rules.
Authelia is OpenID Connect™ certified and supports multiple second-factor methods including FIDO2 WebAuthn security keys (YubiKey), time-based one-time passwords, and mobile push notifications via Duo. It offers passwordless authentication through WebAuthn passkeys and includes password reset with email verification. Access control rules can match criteria like subdomain, user, group membership, request URI, method, and network, with per-rule policies for one-factor or two-factor authentication.
Authelia can be deployed as a standalone service via AUR, APT, FreeBSD Ports, or static binaries, or as a container on Docker and Kubernetes. Kubernetes deployments support multiple ingress controllers including ingress-nginx, Traefik, Istio, and Envoy Gateway, with beta Helm Chart support. High availability is achieved using remote databases and Redis as a key-value store.
Securing self-hosted applications with SSO
Users authenticate once through Authelia's portal and gain access to multiple internal applications with consistent 2FA enforcement across all services.
Kubernetes ingress authentication
Deploy Authelia alongside ingress-nginx or Traefik to add authentication and authorization to services without modifying application code.
OpenID Connect provider for internal apps
Applications integrate with Authelia as an OpenID Connect certified provider, enabling standards-based authentication with 2FA support.
Fine-grained access control by subdomain and user group
Define rules that grant different access levels based on subdomain, user group membership, request method, and network origin with flexible 1FA or 2FA policies.
Authelia works with nginx, Traefik, Caddy, Skipper, Envoy, and HAProxy. It integrates with Traefik using ForwardAuth middleware and Caddy using the forward_auth directive.
Yes, Authelia is OpenID Connect™ certified to the Basic OP, Implicit OP, Hybrid OP, Form Post OP, and Config OP profiles, though this feature is still considered beta.
Authelia supports FIDO2 WebAuthn security keys like YubiKey, time-based one-time passwords (TOTP), mobile push notifications via Duo, and passwordless authentication using WebAuthn passkeys.
Yes, Authelia supports Kubernetes deployment with compatibility for ingress-nginx, Traefik CRD and Ingress, Istio, and Envoy Gateway. Beta Helm Chart support is available for orchestration.
High availability is achieved by using a remote database for persistent storage and Redis as a highly available key-value store, allowing multiple Authelia instances to run concurrently.
Project at a glance
Active, last synced 4 days ago