
Amazon Cognito
Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Simple, secure identity management platform with everything built-in
Complete identity provider with passkeys, OAuth2/OIDC, RADIUS, and Linux/Unix integration. No external components needed—strict defaults and self-healing architecture from home labs to enterprise.

Kanidm is a complete identity management platform designed to handle authentication and identity storage for applications and services of any scale. Built in Rust, it eliminates the need for external components like Keycloak or separate LDAP servers by bundling passkey authentication, OAuth2/OIDC SSO, RADIUS, SSH key distribution, and Linux/Unix integration into a single, cohesive system.
Kanidm serves home labs, families, small businesses, and large enterprises through strict defaults, minimal configuration, and self-healing components. Its high-performance internal database and two-node replication deliver faster operations than FreeIPA while avoiding the complexity of multi-component stacks. The platform supports TPM-protected offline authentication, attested passkeys for high-security environments, and a read-only LDAP gateway for legacy systems.
Administrators manage Kanidm primarily through comprehensive CLI tooling, while end users access a self-service WebUI and application portal. The architecture prioritizes simplicity: no external SQL databases, no sprawling configuration files, and no dependency on separate OIDC or directory services. Whether you're replacing FreeIPA, consolidating Keycloak and LDAP, or building a new identity infrastructure, Kanidm provides a streamlined, secure foundation.
Replace FreeIPA for Linux/Unix Identity: Faster performance, simpler upgrades, and integrated passkey authentication without Kerberos complexity
Consolidate Keycloak and LDAP Stack: Single platform for OAuth2/OIDC SSO and identity storage, reducing operational overhead and failure points
Secure VPN and Network Access: Built-in RADIUS server with passkey authentication for VPNs, Wi-Fi, and network devices
Home Lab or Small Business SSO: Self-hosted authentication with application portal, SSH keys, and minimal configuration for non-enterprise users
No. Kanidm uses its own high-performance internal database with built-in replication, eliminating external SQL dependencies and potential bottlenecks.
The WebUI is designed for user self-service (password resets, passkey enrollment, application access). Administrative tasks are primarily handled via comprehensive CLI tools.
Kanidm includes OAuth2/OIDC natively without requiring Keycloak. It offers simpler setup, integrated identity storage, and broader features like RADIUS and Unix authentication in one platform.
Kanidm supports two-node high availability using database replication. Multi-master clustering beyond two nodes is not currently available.
Yes. Kanidm scales from home labs to large enterprises with strict defaults, self-healing architecture, and performance exceeding FreeIPA in benchmarks with thousands of users and groups.