6 posts tagged with "IdP"

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

The reason your identity provider (IdP) is so important is the same reason they can be so sticky.

Your IdP touches everything in the business: every user across your entire workforce and all your applications. Setting up access for the right people to the right applications takes time, so it’s natural, when considering moving to a new IdP, to fear an equal time commitment for the migration — not just for configuration, but for coordination and communication across the whole company.

Migrations typically involve a large-scale “Day 0” export of rules and accounts from one provider to another. You flip the switch and hope that everything works after manually setting it all up.

As if switching one IdP isn’t hard enough, it’s not uncommon for companies to have multiple solutions stitched together. Individual teams may have come up with their own solutions, or they could have inherited systems from acquisitions or organizational changes. This leads to scenarios where large organizations might even have three or four different IdPs, directories, or other solutions patched together. Each of these might be on its own contract renewal cycle, making it difficult to coordinate a switchover without incurring a cost.

On the one hand, migrating IdPs is intimidating and risky. On the other, you face the administrative cost of maintaining a host of separate identity solutions, plus the security risk of not having a single place for visibility or administration of access.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Many of the high-profile security breaches of the 2010s involved hackers gaining access to username and password pairs. Before multi-factor authentication (MFA) was commonplace, these breaches effectively gave bad actors the keys to the kingdom, since people tend to reuse passwords across platforms and there was no second line of defense against attacks.

Today we have a lot more options for additional authentication steps, which we’ll explore below, while also taking a look at the choices we have made for authentik.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Our first release of the new year, version 2025.2, includes something for everyone, with the addition of a major new provider (Shared Signals Framework), authentication checks for "impossible travel" using our GeoIP policy, and Remote Access Control now available as an open source feature! Let's take a closer look at the 2025.2 release.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Our authentik 2024.12 release is compact, sweet, and packed with great goodies, just like the holidays ought to be!

We decided not to hold on to these new features and wait to release of them early next year; they are too good to keep to ourselves. And we all know that the holidays are the best times for escaping into some new code and functionality.

Let’s unpack the 2024.12 release and take a look.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

In October 2023, Cloudflare announced that they had discovered yet another Okta compromise.

Cloudflare had to warn Okta first and show them how they had been breached via an insecure setup with a third-party service provider. A leading company offering security and identity as a service instead introduced insecurity.

Over the past decade or so, SaaS has become the dominant model for delivering software, and yet, such incidents aren’t surprising. The SaaS business model was supposed to align vendor and customer interests, while the technology allowed rapid updates and improvements. SaaS was supposed to bring an end to throwing software over the wall and letting customers deal with it.

Recently, however, we’ve seen many companies fleeing SaaS providers to build private clouds and run self-hosted software. At Authentik Security, we have seen more and more customers canceling legacy SaaS providers to take back control of their identity needs with our self-hosted solution.

At first glance, it looks like people are going back in time, but self-hosted software has advanced despite the popularity of SaaS and is increasingly likely to beat SaaS options across numerous measures. In this post, I’ll walk through why the industry defaults have changed and why we believe in focusing on a self-hosted product.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

The XZ backdoor incident spooked a lot of people. Not all PRs are innocent—even from long-standing contributors—and this one would have created a backdoor in a utility included in almost all Linux distributions, had it not been caught.

But “open source = more vulnerable to exploits” is the wrong takeaway—being open source can actually be an advantage for security-focused products.