Authelia: Single Sign-On and Multi-Factor Authentication for Web Apps

Summary
Authelia is an open-source authentication and authorization server for securing web applications. It provides two-factor authentication (2FA) and single sign-on (SSO) through a web portal, and integrates with a range of reverse proxies to manage access control for the services behind them.
Introduction
Authelia is an open-source authentication and authorization server that functions as a Single Sign-On (SSO) and Multi-Factor Authentication (MFA) portal, so that only authorized users can access your services. Authelia is OpenID Certified™, demonstrating its adherence to modern authentication standards. It works in conjunction with reverse proxies, allowing you to define granular access policies for the applications they front.
Installation
Getting started with Authelia is flexible, offering multiple deployment options to suit various environments. You can install it as a standalone service or leverage containerization for scalability and ease of management.
Key installation methods include:
- Package Managers: Available via AUR, APT, and FreeBSD Ports.
- Static Binaries: Direct downloads for various platforms.
- Containerization: Easily deployable on Docker and Kubernetes environments.
- Helm Charts: Beta support for Kubernetes deployments using official Helm charts.
For detailed instructions, refer to the official Get Started Guide and the Deployment documentation.
Examples
Authelia provides convenient docker compose bundles to help you quickly set up and test its features. These bundles serve as excellent starting points for understanding its configuration and integration.
- Local Bundle: Ideal for testing Authelia without complex configurations, typically used in scenarios where the server is not exposed to the internet. It uses local hosts file domains and self-signed certificates.
- Lite Bundle: Designed for internet-exposed servers, requiring proper domain and DNS setup, with certificates generated via Let's Encrypt. This configuration uses file-based user storage and SQLite for minimal external dependencies.
Explore these examples and more comprehensive guides in the official Docker Deployment documentation.
Why Use Authelia?
Authelia offers compelling reasons to integrate it into your infrastructure:
- Enhanced Security: Implement robust 2FA methods, including Security Keys (FIDO2/WebAuthn with YubiKey support), Time-based One-Time Passwords (TOTP), and Mobile Push Notifications (Duo). It also supports passwordless authentication via Passkeys.
- Flexible Access Control: Define fine-grained access rules based on criteria like subdomain, user, group membership, request URI, method, and network, with options for one-factor or two-factor policies per rule.
- Broad Compatibility: Works seamlessly with popular reverse proxies such as Nginx, Traefik, Caddy, Envoy, and HAProxy.
- Open Source and Auditable: As an open-source project, Authelia's codebase is transparent and auditable, fostering trust and allowing community contributions to enhance its security and features.
- OpenID Certified™: Adheres to the OpenID Connect 1.0 protocol, ensuring interoperability and compliance with industry standards.
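A sketch of the access rules described under "Flexible Access Control", written as an Authelia `access_control` section. This is an added example, not taken from the Authelia repository; the domains, group, user and network range are constructed placeholders, and the key layout should be checked against the documentation for your Authelia version.

```yaml
# Added example: domains, group/user names and the CIDR are constructed.
access_control:
  # Anything that matches no rule is refused.
  default_policy: deny

  # Named network (assumed internal range) referenced by the rules below.
  networks:
    - name: internal
      networks:
        - 10.0.0.0/8

  # Rules are checked top to bottom; the first match decides the policy.
  rules:
    # Health endpoint: no login. A bypass rule cannot depend on user or
    # group, because nobody has authenticated at that point.
    - domain: app.example.com
      resources:
        - "^/healthz$"
      methods:
        - GET
      policy: bypass

    # Admin area: members of "admins" must pass a second factor.
    - domain: app.example.com
      resources:
        - "^/admin([/?].*)?$"
      subject:
        - "group:admins"
      policy: two_factor

    # Without this rule, non-admins would skip the rule above and fall
    # through to the broader rules below, reaching /admin with less.
    - domain: app.example.com
      resources:
        - "^/admin([/?].*)?$"
      policy: deny

    # Rest of the app from the internal network: password only.
    - domain: app.example.com
      networks:
        - internal
      policy: one_factor

    # Same app from any other network: second factor required.
    - domain: app.example.com
      policy: two_factor
```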
Links
- GitHub Repository: https://github.com/authelia/authelia
- Official Documentation: https://www.authelia.com/
- Docker Hub: https://hub.docker.com/r/authelia/authelia/tags
- OpenID Certification: https://openid.net/certification/