Authelia
Authelia is an open-source authentication and authorization server that provides Single Sign-On (SSO) and multi-factor access control for web applications and reverse proxies in self-hosted and enterprise environments.
- Self-hosted authentication and authorization platform for web applications
- SSO support for multiple upstream applications (identity and access management)
- Multi-factor authentication (MFA) and policy-based access control (security)
- Integration with reverse proxies and gateways such as Nginx and Traefik (access management)
- Support for directory backends and standard web authentication protocols (identity integration)
More About Authelia
Authelia operates as a self-hosted authentication and authorization server positioned for environments where organizations manage their own infrastructure, such as private data centers, cloud-hosted virtual machines, or container platforms. It is typically deployed in front of web applications via a reverse proxy, acting as an identity and access management (IAM) layer that centralizes login, multi-factor authentication, and access policies across multiple internal or external services.
The platform is frequently integrated with reverse proxies and ingress controllers like Nginx, Traefik, or similar components, which delegate authentication decisions to Authelia before routing traffic to backend applications. In this architecture, Authelia issues session cookies and enforces rules that determine which users, groups, or networks may reach specific endpoints, URLs, or applications. This follows the common access management pattern in which an authentication portal and policy engine sit between end users and protected resources.
Authelia supports SSO workflows, allowing users to authenticate once and reuse that session across multiple protected applications. It implements multi-factor authentication (MFA), typically via time-based one-time passwords (TOTP) or other second-factor mechanisms configured by the administrator. Policies can be defined to require MFA for particular resources, user groups, or access conditions, providing granular control over security requirements within an enterprise environment.
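The rule enforcement and per-resource MFA requirements described above can be sketched as a small policy evaluator. This is an added example, a simplified model rather than Authelia's code or configuration syntax. The `Rule` and `Request` shapes, first-match evaluation, the default-deny fallback and all hostnames and networks are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatch

LEVEL = {"bypass": 0, "one_factor": 1, "two_factor": 2}  # "deny" handled separately

@dataclass(frozen=True)
class Rule:                     # hypothetical rule shape for this model
    domain: str                 # glob matched against the Host header
    policy: str                 # bypass | one_factor | two_factor | deny
    path_prefix: str = "/"
    groups: frozenset = frozenset()   # empty: applies to any user
    networks: tuple = ()              # empty: applies from any source network

@dataclass(frozen=True)
class Request:
    host: str
    path: str
    source_ip: str
    groups: frozenset = frozenset()
    auth_level: int = 0         # 0 anonymous, 1 password, 2 password + second factor

def decide(rules, req, default_policy="deny"):
    """Return what the proxy is told: 'allow', 'login' (authenticate or step up) or 'forbid'."""
    ip = ipaddress.ip_address(req.source_ip)
    policy = default_policy
    for r in rules:             # first matching rule wins (assumption of the model)
        if not fnmatch(req.host, r.domain) or not req.path.startswith(r.path_prefix):
            continue
        if r.networks and not any(ip in ipaddress.ip_network(n) for n in r.networks):
            continue
        # An anonymous request has no known groups yet, so a group rule still
        # matches it and forces a login; only a known non-member is skipped.
        if r.groups and req.auth_level > 0 and not (r.groups & req.groups):
            continue
        policy = r.policy
        break
    if policy == "deny":
        return "forbid"
    return "allow" if req.auth_level >= LEVEL[policy] else "login"

# Constructed rule sets. LOOSE lets the wildcard rule catch non-admins on the admin host.
ADMIN = Rule("admin.example.com", "two_factor", groups=frozenset({"admins"}))
HEALTH = Rule("*.example.com", "bypass", path_prefix="/health")
INTERNAL = Rule("*.example.com", "one_factor", networks=("10.0.0.0/8",))
LOOSE = [ADMIN, HEALTH, INTERNAL]
TIGHT = [ADMIN, Rule("admin.example.com", "deny"), HEALTH, INTERNAL]
```

With `LOOSE`, a password-only user outside the `admins` group falls through the group-scoped rule and is admitted to the admin host by the broad wildcard rule; `TIGHT` closes that gap with an explicit deny placed directly after the admin rule.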
The project uses standard web authentication and authorization techniques, including secure cookies, headers, and redirects between the reverse proxy and the Authelia portal. It can integrate with external identity sources and directories, such as LDAP-based services, for user and group management. Configuration-driven policy definitions allow infrastructure and platform teams to manage access rules as code, which aligns with common GitOps or configuration-as-code workflows used in DevOps and platform engineering teams.
In enterprise or institutional contexts, Authelia is positioned as an open-source option in the access management and web SSO category. It addresses needs such as securing internal dashboards, admin consoles, developer tools, and user-facing applications behind a uniform login and MFA experience, without delegating authentication to a third-party Software-as-a-Service (SaaS). Its deployment model and integration with reverse proxies make it relevant for organizations that already standardize on Hypertext Transfer Protocol (HTTP) gateways or ingress controllers as traffic entry points and prefer to maintain direct control over identity, session management, and access policies.