🔒 Security & Privacy Intermediate

Authelia

by authelia

Enterprise-Grade Authentication Gateway for Modern Apps

Self-hosted authentication and authorization server with MFA, SSO, and OpenID Connect support for securing web applications and APIs.

26,492 Stars
1,323 Forks
26,492 Watchers
106 Issues
About This Project

Authelia is a powerful authentication and authorization server that acts as a protective gateway between your web applications and users. It provides enterprise-level security features including multi-factor authentication, single sign-on, and fine-grained access control policies, all while being completely self-hosted and open source.

Built with Go for performance and reliability, Authelia integrates seamlessly with reverse proxies like NGINX, Traefik, and HAProxy to protect your entire application stack. It supports multiple authentication backends including LDAP, Active Directory, and local file-based user databases, making it adaptable to existing infrastructure.

The platform offers a comprehensive suite of second-factor authentication methods including TOTP, WebAuthn/FIDO2, passkeys, Duo push notifications, and hardware security keys like YubiKey. As an OpenID Certified™ provider, it delivers standards-compliant OAuth2 and OpenID Connect flows, enabling secure integration with modern applications and APIs.

Whether you're running containerized workloads in Kubernetes or traditional server deployments, Authelia provides the security layer your applications need without vendor lock-in or recurring costs. Its policy engine allows you to define sophisticated access rules based on user groups, networks, resources, and authentication levels.

Key Features

  • OpenID Connect and OAuth2 certified provider for standards-compliant SSO
  • Multiple MFA options: TOTP, WebAuthn, passkeys, Duo push, and hardware tokens
  • Flexible authentication backends supporting LDAP, Active Directory, and file-based users
  • Policy-based access control with rules for users, groups, networks, and resources
  • Native integration with popular reverse proxies and container orchestration platforms

How You Can Use It

1. Protecting self-hosted services and home lab applications with enterprise-grade authentication
2. Implementing SSO across microservices in Kubernetes clusters with OAuth2/OIDC
3. Adding mandatory MFA to legacy applications without modifying their code
4. Creating zero-trust network access with granular policy-based authorization rules

Who Is This For?

DevOps engineers, system administrators, and security-conscious developers managing self-hosted infrastructure or building secure multi-tenant applications