authentik

authentik is an open-source identity provider that can be self-hosted to manage authentication and authorization for applications. The platform supports multiple authentication protocols including OAuth2/OIDC, SAML2, SCIM, LDAP, and RADIUS. It provides multi-factor authentication capabilities and conditional access controls. The solution includes an application proxy feature for securing applications and supports WebAuthn for passwordless authentication using passkeys. authentik offers GeoIP and impossible travel detection for identifying suspicious authentication attempts. It provides remote access capabilities for protocols including RDP, VNC, and SSH. The platform supports user enrollment workflows and self-service capabilities for end users. It includes federation support for OAuth2/OIDC, OAuth1, SAML2, LDAP, SCIM, and Kerberos protocols. authentik implements OIDC back-channel logout functionality. The system can be deployed using Kubernetes, Terraform, or Docker Compose. It provides APIs for automation and customizable policies for workflow configuration. authentik supports both B2B and B2C use cases and includes infrastructure as code capabilities. Enterprise support and FIPS compliance options are available.