Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

How we really feel about AI

· 6 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Keycloak, and Ping. Authentik Security is a public benefit company building on top of the open source authentik project.


To share some insight into how security teams talk, when in the comfort of our own team meetings, here's a little snapshot from last week:

The incident at Okta, with the full-circle failure of AI and the poor Okta engineer who AI-ed himself into a hot mess, generated a whole lot of conversation and took over our Friday meeting.

As Joshua Rogers aptly called it, the “AI slop security engineering” incident started with a report of two security issues to Okta's auth0/nextjs-auth0 project, along with a PR to fix it.

The incredible response from Okta was a downward spiral of AI doing everything in the worst possible way: stripping the name of the contributor from the PR and committing it, then using AI to apologize for itself, and finally refusing to remove the AI-generated details of the commit and restore the contributor's attribution.

Even more interesting than the lurid details of Okta's AI chasing its own tail, and painfully catching it, was our look inwards to how we each feel about AI, how we use it (sure, of course, we each use it to some varying degree), and what the professional and personal/moral implications are. This started a discussion amongst our team on how we collectively use, and don't use, AI in our daily professional lives.

We also discussed how we want to talk about our limited use of AI with you, our community.

We removed Redis

· 7 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc


In our 2025.10 release, we removed Redis as a required database. In this blog, we'll go over why we made that decision, why we wanted Redis in the first place, and how we went about removing Redis and instead relying fully on PostgreSQL.

In the software world, databases are often the unsung heroes, and decisions about their usage, schemas, and data storage practices are important, so we want to share our thinking behind this decision.

authentik version 2025.6 is here!

· 4 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source authentik project.


Over a year ago we changed our release cadence to be around every two months, to optimize the rapid delivery of new features without waiting too long and having massively large releases. Version 2025.6 is a strong indicator that this cadence works well; it’s a short, sweet bundle of new features, performance enhancements, and a few minor improvements.

Let’s take a closer look at what’s in the 2025.6 release of authentik, your favorite identity provider.

Authentik release 2025.4

· 5 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.


With every authentik release, we highlight our commitment to delivering new features that focus on providing solutions for all of our users and the identity management challenges that they face.

Our 2025.4 release of authentik contains new features around increased configuration options for authentik Admins, with a new password history policy, the ability to pre-define a bundled set of permissions, setting reputation score limits to further harden access control, and a new "remember me" option.

This release also provides support for PostgreSQL connection pools, the Kubernetes Gateway API, and the ability to do lookups of LDAP group memberships based on user attributes.

Let's take a closer look at a few of these features.

We did an authentik hackathon!

· 6 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

The first ever authentik hackathon just wrapped on Sunday, and we had a great time!

A huge thanks to our persistent hackers, who hacked from Wednesday through Sunday, and made some fantastic contributions to authentik. We are already looking forward to the next one (winter 2023, maybe?), and to another round of intense fun with our community members.

July authentik hackathon!

· 5 min read
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

Here at Authentik Security, we are serious about your online security and our work… and we are also serious about our first ever authentik hackathon!

We described our upcoming inaugural hackathon in an earlier blog, and even built a dedicated web page for it, but now I want to break down some of the key reasons you should consider joining us on July 26 through July 30!

JWT: A token that changed how we see identity

· 9 min read
Jens Langhammer
CTO at Authentik Security Inc
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

Even though JWTs (JSON Web Tokens, pronounced “jots”) have been around since 2010, it’s worth examining their more recent rise to become the dominant standard for managing authentication requests for application access.

When JWTs were first introduced, it was immediately clear that they were already an improvement on using a single string to represent the user information needed for authentication. The single string credential method was simple, but not as secure. There was no way to provide additional data or internal checks about the validity of the string or its issuer. With JWTs, there are expanded capabilities with more parts; there is a header, JSON-encoded payloads (called “claims”, which hold data about the user and about the token itself, such as an expiration date), and a signature (generated with either a private key or a private/public key combination).

Let’s look a bit more closely at what a JWT is, review a short history of JWT evolutions and adoption, then discuss how JWTs are used in authentik.

What’s new with authentik - March 2023

· 6 min read
Jens Langhammer
CTO at Authentik Security Inc
Tana Berry
Sr. Technical Content Editor at Authentik Security Inc

In a blog from November 2022, titled “Next steps for authentik”, I wrote about the launch of Authentik Security, our open core company built around the open source project authentik.

In this post, we’d like to provide updates on our progress in building out Authentik Security the company, ramping up the feature set in our open source identity provider, and taking the first steps in developing and offering an enterprise-level feature set for the Cloud or self-hosting. We are enthusiastic about our path forward and our plans to take authentik from a project to a product.