Skip to content

Command Palette

Search for a command to run...

Self-host authentik

SSO & Identity
prices checked · Jul 2026

An open-source identity provider supporting SAML, OAuth2/OIDC, and LDAP — a flexible, self-hostable alternative to Auth0, Okta, and Azure AD with a visual flow-based login builder.

Auth0 / yr$420
Self-hosted / yr~$55
You keep$365/yr

Key facts

CategorySSO & Identity
LicenseMIT
StackPython, Go, TypeScript
Min RAM2048 MB
Dockeryes
Difficulty
Our recommendation

Pick authentik when you want a modern, full identity provider you can shape to almost any login flow — SAML, OAuth2/OIDC, LDAP, SCIM, and a built-in proxy for apps that have no auth of their own. It's the self-hoster's favourite full IdP; if you only need to gate a few existing apps behind SSO and 2FA, Authelia is far less to run.

What you need

  • Any VPS with at least 2048 MB of RAM
  • A domain you control — most self-hosted setups need HTTPS in front of them
  • About an afternoon — budget time for troubleshooting

Install with Docker Compose

Save this as compose.yml and run docker compose up -d:

# authentik — official compose.yml + generated secrets
wget https://docs.goauthentik.io/compose.yml
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
docker compose up -d  #  →  http://SERVER_IP:9000

What you take on

authentik is powerful because it's a real identity platform — which is exactly why it demands care:

non-negotiableIt's open-core. The core is MIT and generous, but some features sit in an enterprise tier — check the split matches what you need before you build on it.
non-negotiablePostgres and Redis are required. It's not a single container; give it a proper database and cache, and back the database up — it holds every user and credential.
non-negotiableIt's security-critical. An IdP is the key to every app behind it — keep it patched, restrict admin access, and treat its upgrades as maintenance windows, not afterthoughts.

An alternative to

Head-to-head

More in SSO & Identity