authentik

authentik is an open-source Identity Provider for modern SSO. It is designed for self-hosting and can fit small labs or large production clusters. It provides a single place to handle authentication and authorization instead of relying on a hosted IdP.

authentik supports SAML, OAuth2/OIDC, LDAP, and RADIUS. It can be deployed with Docker Compose for small or test setups, with Kubernetes for larger setups, or on AWS with CloudFormation. A DigitalOcean Marketplace app is also available.

It includes an Application Proxy that adds forward-auth SSO to apps that lack native authentication, customizable login and enrollment flows, and multi-factor authentication with WebAuthn and TOTP. An enterprise edition is available for organizations that want to replace existing IdPs such as Okta, Auth0, Entra ID, and Ping Identity at large scale.