7 Authentication

Note

Authentik as a family identity provider — OIDC, LDAP outpost, forward auth proxy — for 5–25 users across 12+ services.

7.1 What a family IDP needs to do

7.2 The evaluation

7.2.1 Authentik

7.2.2 Zitadel

7.2.3 Ory

7.2.4 Keycloak

7.2.5 Kanidm

7.2.6 Authelia

7.3 Why Authentik won

7.4 The LDAP outpost

7.5 Forward auth proxy

7.6 OIDC, LDAP, and forward auth — choosing the right pattern

7.7 Session design and the “wife test”

7.8 Deploying Authentik

7.9 What Authentik gets wrong

# Authentication {#sec-authentication}

::: {.callout-note}
Authentik as a family identity provider --- OIDC, LDAP outpost, forward auth proxy --- for 5--25 users across 12+ services.
:::

## What a family IDP needs to do

## The evaluation

### Authentik

### Zitadel

### Ory

### Keycloak

### Kanidm

### Authelia

## Why Authentik won

## The LDAP outpost

## Forward auth proxy

## OIDC, LDAP, and forward auth --- choosing the right pattern

## Session design and the "wife test"

## Deploying Authentik

## What Authentik gets wrong