Authentik has been fantastic.
Extremely flexible, and customizable. You can tailor the entire workflow.
Also, supports radius, ldap, and a few others. They keep adding new features every month.
this post was submitted on 28 Aug 2023
21 points (92.0% liked)
Selfhosted
38768 readers
174 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
If you use gitea, it's just a few steps to enable it to be an OAuth2 provider. See Oauth2 Provider Docs
I started using Authentik lately and am really enjoying the passwordless life. You can set it up such that the authentication flow uses the WebAuthN standard and just prompt the user for passkey or biometric login. Super slick.
You need to reimplement TOTP on a per-service base. There are hardware tokens available, so you could use one of them (Token2, maybe?) instead on user side. You still need to allow custom secrets for your services so you can enter the token ID there. Are you sure you meant a (TOTP) token and not single sign-on?