team@tinypod.app

Self-Hosting Authentik: Identity Provider for Everything

Authentik is a self-hosted identity provider. SSO for all your apps with a visual flow builder, LDAP, SAML, and OIDC.

authentik, identity, sso, security

What Is Authentik?


Authentik is a self-hosted identity provider that gives all your services single sign-on. Log in once, access everything.


Why Authentik?


  • Visual flow builder for login/registration/recovery
  • OIDC, SAML, LDAP, and proxy authentication
  • Beautiful, customizable login pages
  • Multi-factor authentication
  • Self-service user management

Authentication Methods


    OIDC/OAuth2

    Modern apps (Gitea, Grafana, Outline, Portainer) use OIDC. Authentik is an OIDC provider.


    SAML

    Enterprise apps use SAML. Authentik supports SAML 2.0.


    LDAP

    Legacy apps use LDAP. Authentik provides an LDAP outpost.


    Proxy

    Apps with no auth support? Authentik's proxy outpost adds authentication in front of any app.


Flow Builder


    Authentik's killer feature is the visual flow builder:

  • Design login flows (password → 2FA → consent)
  • Design registration flows (email verification → profile setup)
  • Design recovery flows
  • Conditional logic (require 2FA for admins only)

Multi-Factor Authentication


  • TOTP (Google Authenticator, Authy)
  • WebAuthn/FIDO2 (YubiKey, fingerprint)
  • SMS (via Twilio)
  • Email verification
  • Static recovery codes

Deployment


    1. Deploy Authentik on TinyPod

    2. Configure your first provider (OIDC)

    3. Create an application

    4. Point your app's auth to Authentik


    Resources: 2 CPU, 1 GB RAM.
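
    Before pointing an app at the provider (step 4), it is worth checking the OIDC discovery document the app will trust. The following is an added example, not code from Authentik or TinyPod; the hostname, the `grafana` slug and the endpoint paths in the sample are constructed placeholders, and the same-host check assumes a single self-hosted instance.

```python
"""Added example: sanity-check an OIDC discovery document before wiring an app to it."""
from urllib.parse import urlsplit

# Constructed sample; hostname, slug and paths are placeholders, not taken from a real instance.
SAMPLE_DISCOVERY = {
    "issuer": "https://auth.example.test/application/o/grafana/",
    "authorization_endpoint": "https://auth.example.test/application/o/authorize/",
    "token_endpoint": "https://auth.example.test/application/o/token/",
    "userinfo_endpoint": "https://auth.example.test/application/o/userinfo/",
    "jwks_uri": "https://auth.example.test/application/o/grafana/jwks/",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "code_challenge_methods_supported": ["plain", "S256"],
}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def check_discovery(doc, expected_issuer):
    """Return a list of findings; an empty list means the document passed."""
    findings = []
    issuer = doc.get("issuer", "")
    # The issuer must match, character for character, the value configured in the app.
    if issuer != expected_issuer:
        findings.append(f"issuer mismatch: {issuer!r}")
    origin = urlsplit(expected_issuer)
    for key in ENDPOINT_KEYS:
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key} is not https")
        elif url.netloc != origin.netloc:
            # Assumption: one self-hosted instance serves every endpoint.
            findings.append(f"{key} points at a different host: {url.netloc}")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code flow not offered")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if not algs or "none" in algs:
        findings.append("ID token signing lists no algorithm or allows 'none'")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE S256 not advertised")
    return findings


if __name__ == "__main__":
    issuer = "https://auth.example.test/application/o/grafana/"
    print(check_discovery(SAMPLE_DISCOVERY, issuer) or "ok")
```

    In practice, fetch the document from the provider's `/.well-known/openid-configuration` URL and pass the parsed JSON to `check_discovery` together with the issuer string you configured in the app.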


    Authentik is the easiest self-hosted identity provider to set up. The visual flow builder alone makes it worth choosing over Keycloak.