# authelia/authelia

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/authelia-authelia).**

26,785 stars · 1,340 forks · Go · apache-2.0

## Links

- GitHub: https://github.com/authelia/authelia
- Homepage: https://www.authelia.com
- awesome-repositories: https://awesome-repositories.com/repository/authelia-authelia.md

## Topics

`2fa` `authentication` `docker` `golang` `kubernetes` `ldap` `mfa` `multifactor` `oauth2` `openid-connect` `passkeys` `push-notifications` `security` `sso` `sso-authentication` `totp` `two-factor` `two-factor-authentication` `webauthn` `yubikey`

## Description

Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications.

The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercepting requests to validate user identity before granting access to protected resources. It enforces granular access control policies and provides robust multi-factor authentication, supporting various verification methods such as hardware security keys, mobile push notifications, and time-based one-time passwords. To maintain consistency across distributed environments, it utilizes stateless session management via encrypted cookies.

Authelia offers a flexible integration surface, featuring a pluggable backend that supports multiple external directory services like LDAP alongside internal database options. Its configuration is managed through a declarative, version-controlled YAML schema, which can be further automated using environment variables. The project provides comprehensive command-line tooling for policy validation and configuration management, with native support for deployment in containerized and orchestrated environments.

## Tags

### Security & Cryptography

- [Identity and Access Management Servers](https://awesome-repositories.com/f/security-cryptography/identity-and-access-management-servers.md) — A centralized authentication and authorization service that secures web applications by managing user identities and enforcing access control policies.
- [Identity Management Systems](https://awesome-repositories.com/f/security-cryptography/identity-management-systems.md) — Providing a unified authentication and authorization layer to secure multiple internal applications through a single point of entry.
- [Identity Providers](https://awesome-repositories.com/f/security-cryptography/identity-providers.md) — Identity Providers → OpenID Connect 1.0 Clients → OpenID Connect 1.0 Provider → ([source](https://www.authelia.com/configuration/identity-providers/))
- [OpenID Connect Providers](https://awesome-repositories.com/f/security-cryptography/openid-connect-providers.md) — Acts as a central identity authority that issues tokens to client applications to enable standardized single sign-on across diverse platforms.
- [Primary Authentication Methods](https://awesome-repositories.com/f/security-cryptography/primary-authentication-methods.md) — File → First Factor → LDAP → ([source](https://www.authelia.com/configuration/first-factor/))
- [Authentication Middleware](https://awesome-repositories.com/f/security-cryptography/authentication-middleware.md) — A security component that integrates with web gateways to validate user sessions and authorize requests before they reach protected backend services.
- [Multi-Factor Authentication](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication.md) — Duo / Mobile Push → Second Factor → Time-Based One-Time Password → WebAuthn → ([source](https://www.authelia.com/configuration/second-factor/))
- [Multi-Factor Authentication Orchestration](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-orchestration.md) — Coordinates various verification methods including hardware keys and mobile push notifications to enforce secondary security layers during login.
- [Multi-Factor Authentication Strategies](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-strategies.md) — Adding robust security layers like hardware keys and mobile push notifications to protect user accounts from unauthorized access.
- [Access Control Policies](https://awesome-repositories.com/f/security-cryptography/access-control-policies.md) — Important note: this section does not apply to OpenID Connect 1.0. See the Frequently Asked Questions for more information. ([source](https://www.authelia.com/configuration/security/access-control/))
- [Identity Provider Backends](https://awesome-repositories.com/f/security-cryptography/identity-provider-backends.md) — Abstracts user authentication by supporting multiple external directory services like LDAP or internal databases through a unified interface.
- [Single Sign-On Providers](https://awesome-repositories.com/f/security-cryptography/single-sign-on-providers.md) — Frequently Asked Questions → Jira → Organizr → Paperless → Seafile → Seerr → Trusted Header SSO → ([source](https://www.authelia.com/integration/trusted-header-sso/))
- [Single Sign-On Solutions](https://awesome-repositories.com/f/security-cryptography/single-sign-on-solutions.md) — Enabling users to access various web services and platforms using one set of credentials without needing to log in repeatedly.
- [Multi-Factor Authentication Providers](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-providers.md) — A security layer that verifies user identity through multiple verification methods including time-based codes, hardware security keys, and push notifications.
- [Reverse Proxy Authentication](https://awesome-repositories.com/f/security-cryptography/reverse-proxy-authentication.md) — Intercepts incoming HTTP requests at the gateway level to validate user identity before granting access to protected backend services.
- [Stateless Session Management](https://awesome-repositories.com/f/security-cryptography/stateless-session-management.md) — Maintains user authentication state across distributed services using encrypted cookies to ensure consistent access control without requiring sticky sessions.
- [Directory Services](https://awesome-repositories.com/f/security-cryptography/directory-services.md) — Active Directory → FreeIPA → GLAuth → LDAP → LLDAP → RFC2307bis → ([source](https://www.authelia.com/integration/ldap/))
- [Security Configurations](https://awesome-repositories.com/f/security-cryptography/security-configurations.md) — Access Control → Password Policy → Regulation → Security → ([source](https://www.authelia.com/configuration/security/))

### DevOps & Infrastructure

- [Container Images](https://awesome-repositories.com/f/devops-infrastructure/container-images.md) — The Docker container is deployed with the following image names: `authelia/authelia`, `docker.io/authelia/authelia`, `ghcr.io/authelia/authelia`. ([source](https://www.authelia.com/integration/deployment/docker/))
- [Kubernetes Integrations](https://awesome-repositories.com/f/devops-infrastructure/kubernetes-integrations.md) — Chart → Envoy → Envoy Gateway → Istio → Kubernetes → NGINX Ingress → Secrets → Traefik Ingress → ([source](https://www.authelia.com/integration/kubernetes/))

### Development Tools & Productivity

- [Configuration Management](https://awesome-repositories.com/f/development-tools-productivity/configuration-management.md) — The configuration can be defined statically by YAML, and most areas of the configuration can be defined by environment variables. ([source](https://www.authelia.com/integration/deployment/automation/))
- [Command Line Interfaces](https://awesome-repositories.com/f/development-tools-productivity/command-line-interfaces.md) — Authelia → Authelia Access-Control → Authelia Access-Control Check-Policy → Authelia Build-Info → Authelia Config → Authelia Config Template → Authelia Config Validate → Authelia Crypto → Authelia Crypto Certificate → Au ([source](https://www.authelia.com/reference/cli/))

### Data & Databases

- [Database Migrations](https://awesome-repositories.com/f/data-databases/database-migrations.md) — Migrations → MySQL → PostgreSQL → SQLite3 → Storage → ([source](https://www.authelia.com/configuration/storage/))

### Software Engineering & Architecture

- [Configuration Schemas](https://awesome-repositories.com/f/software-engineering-architecture/configuration-schemas.md) — Uses structured text files to define complex security policies and identity provider integrations through a declarative and version-controlled format. ([source](https://www.authelia.com/configuration/definitions/))

### System Administration & Monitoring

- [Notification Systems](https://awesome-repositories.com/f/system-administration-monitoring/notification-systems.md) — File System → Notifications → SMTP → ([source](https://www.authelia.com/configuration/notifications/))
