Authelia
Authelia is a container-native authentication and authorization portal that integrates with reverse proxies (e.g., NGINX, Traefik, Caddy) to enforce MFA and access policies across multiple web applications. It operates primarily as an OpenID Connect (OIDC) Provider and as a “trusted header” SSO service, extending centralized identity and adaptive access to web resources without external cloud dependencies.
Key Capabilities
Identity Protocols:
- OpenID Connect 1.0 Provider — Certified under OpenID Foundation’s conformance tests for Basic, Implicit, Hybrid, Form Post, and Config profiles (May 2025).
- Trusted Header SSO — Header-based identity propagation for legacy and non-OIDC-aware applications.
- SAML 2.0 — On roadmap; not yet implemented.
Authentication & MFA:
- WebAuthn/Passkey support, TOTP (e.g., Google Authenticator), and Duo Mobile Push for step-up or passwordless access.
- LDAP and file-based primary authentication backends.
Policy Engine:
- Fine-grained rules per domain, path, or group for enforcing step-up MFA or access restrictions.
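The following is an added illustration of what the trusted-header SSO and policy-engine capabilities above look like in practice. It is example configuration written for this summary, not taken from the page or from the Authelia project; the hostnames, group names, paths and network range are assumed.

```yaml
# Added example of an Authelia access_control section (not from the page or the
# Authelia project). Hostnames, groups, paths and the CIDR are assumptions.
access_control:
  # Anything not matched by a rule below is refused: deny by default.
  default_policy: deny
  rules:
    # Static assets need no login at all.
    - domain: "static.example.com"
      policy: bypass

    # The admin area of the app requires a second factor (WebAuthn, TOTP or
    # Duo) and is limited to members of the admins group.
    - domain: "app.example.com"
      resources:
        - "^/admin($|/.*$)"
      subject:
        - "group:admins"
      policy: two_factor

    # The API also requires a second factor, for any authenticated user.
    - domain: "app.example.com"
      resources:
        - "^/api/.*$"
      policy: two_factor

    # Everything else on the app needs only a password.
    - domain: "app.example.com"
      policy: one_factor

    # A legacy application that cannot speak OIDC receives the user's
    # identity via trusted headers (Remote-User, Remote-Groups, Remote-Email,
    # Remote-Name) set by Authelia's forward-auth endpoint at the proxy.
    # It is restricted to the ops group coming from the internal network.
    - domain: "legacy.example.com"
      networks:
        - "10.0.0.0/8"
      subject:
        - "group:ops"
      policy: two_factor
```

Rules are matched top to bottom and the first match wins, so the more specific `/admin` and `/api` rules must precede the catch-all `one_factor` rule for the same domain. The `default_policy: deny` line means a newly exposed host is locked down until a rule is written for it. For the trusted-header case, the headers are only trustworthy if the legacy application is reachable solely through the reverse proxy that runs the forward-auth check; if the backend can be reached directly, those headers can be supplied by the client, so network placement of the upstream is part of the security boundary.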
Limitations
- OIDC-only IdP: No SAML 2.0 or SCIM support as of 2025-10-24.
- OIDC Provider in open beta: Some advanced OIDC features (dynamic client registration, token introspection) remain under development.
- No managed service: Lacks SLA, uptime commitments, or compliance attestations (SOC 2, ISO 27001).
- Operational complexity: Requires infrastructure ownership (Redis, SQL datastore, reverse proxy).
- Helm chart and deployment tooling: Still marked beta; potential breaking changes before v1.0.