I’m currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or… yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they’re going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I’m on my phone rn and can’t write a longer post. This comment is to remind me to write an essay later. I’ve been using authentik heavily for my cybersecurity club and have a LOT of thoughts about it.
The tldr about authentik’s risk of enshittification is that authentik follows a pattern I call “supportware”. It’s when extremely (intentionally/accidentally) complex software (intentionally/accidentally) lacks edge cases in their docs,because you are supposed to pay for support.
I think this is a sustainable business model, and I think keycloak has some similar patterns (and other Red Hat software).
The tldr about authentik itself is that it has a lot of features, but not all of them are relevant to your usecase, or worth the complexity. I picked up authentik for invites (which afaik are rare, also official docs about setting up invites were wrong, see supportware), but invites may not something you care about.
Anyway. Longer essay/rant later. Despite my problems, I still think authentik is the best for my usecase (cybersecurity club), and other options I’ve looked at like zitadel (seems to be more developer focused),or ldap + sso service (no invites afaik) are less than the best option.
Sidenote: Microsoft entra is offers similar features to what I want from authentik, but I wanted to self host everything.
I like the “supportware” term, I can apply that to a few other tools (airbyte, teleport). I ended up setting up authentik today and it went really smoothly. So far I like it a lot, so hopefully the full enshittification process doesn’t happen soon. Even though right now I just want to use it for my own self-hosting purposes, I’m also interested in potentially using it for work. We have a few hundred thousand users and AWS cognito is getting pretty expensive.