Authentik
Flexible identity provider
The Lens
SSO (single sign-on), multi-factor auth, user directories, all in one place.
The open source version is extremely capable. You get SAML, OAuth2/OIDC, LDAP, SCIM, and proxy authentication. The admin UI is clean and modern. You can set up enrollment flows, password recovery, and MFA without touching code. For a homelab or small company, this replaces paid services like Okta or Auth0.
Authentik Enterprise adds features like long-term support, AI-powered risk assessment, and enterprise support starting at $5/user/mo with a 100-user minimum ($500/mo floor). Solo/homelab: the open source version is fantastic. Small teams: same. Growing teams needing vendor support: Enterprise makes sense at $5/user/mo. Large orgs: serious Okta alternative at a fraction of the cost.
The catch: initial setup has a learning curve. Authentik uses a flow-based system for authentication logic that's powerful but not intuitive at first. Plan to spend a weekend getting it right. Docker Compose is the recommended deployment; you'll run Postgres, Redis, and the Authentik containers.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
Free vs Self-Hosted vs Paid
open core### Free Tier (Self-Hosted)
The open source Authentik includes: SAML, OAuth2/OIDC, LDAP provider, SCIM provisioning, proxy authentication, MFA (TOTP, WebAuthn, Duo), customizable flows, user/group management, application catalog, and a full admin dashboard. No user limits.
### Self-Hosted Setup
Docker Compose with Postgres and Redis. Minimum 2 CPU cores, 4GB RAM recommended. The flow designer and admin UI are web-based. Outposts (LDAP, proxy, RADIUS) run as separate containers. Moderate ops burden, not a single binary, but well-documented.
### Paid Tier: Enterprise
- **$5/user/mo** (100-user minimum = $500/mo floor) - Long-term support releases - AI-based risk detection - Enterprise support with SLAs - Web3 authentication - Enterprise RAC (Remote Access Control)
### The Math
Self-hosted open source: $20-40/mo VPS + 4-6 hours/mo ops. Okta at $6-15/user/mo for 100 users: $600-1,500/mo. Authentik Enterprise at $500/mo is cheaper than Okta and you own the data. The open source version at $20-40/mo is absurdly cheap for what you get.
### Verdict
The open source version replaces paid identity providers for most teams. Enterprise is worth it at scale for SLA support and risk detection.
Open source replaces Okta/Auth0 for most teams at $0. Enterprise at $5/user/mo ($500/mo min) is still cheaper than competitors.
Similar Tools
About
- Stars
- 21,394
- Forks
- 1,589
Explore Further
More tools in the directory
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
370.3k ★claw-code
The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.
190.9k ★n8n
Fair-code workflow automation with native AI capabilities
187.3k ★