What Is Authentik?
Authentik is an open-source identity provider that handles authentication for all your self-hosted services. It supports SSO (Single Sign-On), MFA, and user management — similar to Okta or Auth0.
Requirements
- A Breeze with at least 2 GB RAM
- Docker and Docker Compose
Docker Compose Setup
mkdir -p /opt/authentik && cd /opt/authentik
wget https://goauthentik.io/docker-compose.yml
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
echo "AUTHENTIK_ERROR_REPORTING__ENABLED=false" >> .env
docker compose up -d
Initial Setup
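Visit http://your-server:9000/if/flow/initial-setup/ to create your admin account. Do this as soon as the containers are up: the page is served over plain HTTP on port 9000, and it is where the admin credentials are set.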
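The .env file written in the Docker Compose Setup step holds the database password and the secret key, and because those commands append with >>, running them a second time leaves two lines for the same key. The check below is an added example, not part of the original guide or of Authentik itself; the function name check_authentik_env and the owner-only file mode are assumptions, and the expected lengths (48 and 80 characters) follow from base64-encoding 36 and 60 random bytes.

```shell
#!/bin/sh
# Added example: audit the .env produced by the setup commands.
# check_authentik_env is a hypothetical helper name, not an Authentik tool.

check_authentik_env() {
    env_file=$1
    problems=0

    if [ ! -f "$env_file" ]; then
        echo "missing: $env_file"
        return 1
    fi

    # The file holds PG_PASS and AUTHENTIK_SECRET_KEY: owner-only access (assumed policy).
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode: run chmod 600 $env_file"; problems=$((problems + 1)) ;;
    esac

    # ">>" appends, so a second run of the setup leaves two lines per key.
    # Minimum lengths: base64 of 36 bytes = 48 chars, of 60 bytes = 80 chars.
    for spec in PG_PASS:48 AUTHENTIK_SECRET_KEY:80; do
        key=${spec%%:*}
        want=${spec##*:}
        count=$(grep -c "^${key}=" "$env_file" || true)
        if [ "$count" -ne 1 ]; then
            echo "$key: defined $count times, expected once"
            problems=$((problems + 1))
            continue
        fi
        value=$(sed -n "s/^${key}=//p" "$env_file")
        if [ "${#value}" -lt "$want" ]; then
            echo "$key: ${#value} characters, expected at least $want"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Constructed sample: a world-readable file after the setup was run twice.
demo=$(mktemp)
printf 'PG_PASS=%048d\nPG_PASS=%048d\nAUTHENTIK_SECRET_KEY=%080d\n' 0 0 0 > "$demo"
chmod 644 "$demo"
check_authentik_env "$demo" || echo "fix the findings above before starting the stack"
rm -f "$demo"
```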
Features
- Single Sign-On (SSO) with SAML and OAuth2/OIDC
- Multi-factor authentication (TOTP, WebAuthn, SMS)
- LDAP provider for legacy applications
- User self-service (password reset, profile management)
- Application proxy for services without native auth
- Customizable login flows
- User groups and role-based access
- Audit logging
Integrating with Services
In Authentik, create an OAuth2/OIDC provider for each application. Then configure each application (Gitea, Outline, Portainer, etc.) to use Authentik as the OAuth provider. Users log in once and access all services.