Authelia
Protect your applications with Single Sign-On and 2 Factor. Authelia is an open-source full-featured authentication server available on Github.
License model
- Free • Open Source
Application type
Platforms
- Self-Hosted
- Kubernetes
- Docker
Features
- Privacy focused
- Two-factor Authentication
- Support for Docker
- LDAP support
- Single Sign-On
- Ngnix support
- HTTP Basic Authentication
- Golang
- Reverse Proxy
- Kubernetes
Authelia News & Activities
Recent activities
- ivanov17 reviewed Authelia
A powerful and lightweight auth server that works with various reverse proxies.
- stephanie-ta added Authelia as alternative to Login-Master
- POX added Authelia as alternative to Clerk Authentication
- FelschR liked Authelia
Authelia information
AlternativeTo Categories
Security & Privacy, Network & AdminGitHub repository
- 21,090 Stars
- 1,090 Forks
- 111 Open Issues
- Updated Sep 10, 2024
What is Authelia?
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia's portal for authentication.
The following is a simple diagram of the architecture:
Authelia can be installed as a standalone service from the AUR, APT, FreeBSD Ports, or using a Static binary, .deb package, Docker or Kubernetes either manually or via the Helm Chart (beta) leveraging ingress controllers and ingress configurations.
Here is what Authelia's portal looks like:
Features summary
This is a list of the key features of Authelia:
Several second factor methods: Security Key (U2F) with Yubikey. Time-based One-Time password with Google Authenticator. Mobile Push Notifications with Duo. Password reset with identity verification using email confirmation. Access restriction after too many invalid authentication attempts. Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request uri, request method, and network. Choice between one-factor and two-factor policies per-rule. Support of basic authentication for endpoints protected by the one-factor policy. Highly available using a remote database and Redis as a highly available KV store. Compatible with Traefik out of the box using the ForwardAuth middleware. Curated configuration from LinuxServer via their Swag container as well as a guide. Kubernetes Support: Compatible with the ingress-nginx, the Traefik Kubernetes CRD, and the Traefik Kubernetes Ingress Kubernetes ingress controllers out of the box. Beta support for installing via Helm using our Charts. Beta support for OpenID Connect.
Comments and Reviews
A powerful and lightweight auth server that works with various reverse proxies.