Authelia

Authelia is an open-source identity and access management platform that provides single sign-on (SSO), multi-factor authentication (MFA), and reverse proxy authentication for web applications. Written in Go with a React frontend, Authelia has over 22,000 stars as of 2026 and serves as a self-hosted alternative to commercial IAM solutions like Okta and Auth0. Authelia sits in front of web applications as an authentication gateway, typically deployed behind a reverse proxy like Traefik, NGINX, Caddy, or HAProxy, intercepting requests and requiring authentication before forwarding traffic to backend services. Key features include: single sign-on across all protected applications (users authenticate once and gain access to all configured services), multi-factor authentication methods including TOTP (Time-based One-Time Passwords compatible with Google Authenticator, Authy, and YubiKey), WebAuthn (hardware security keys like YubiKey, SoloKey, and Windows Hello), Duo Push notifications, and mobile push notifications, password reset and self-service account management, user attribute-based access control policies (determining access based on user groups, email domain, IP ranges, and request methods), LDAP and Active Directory integration for user directory synchronization, file-based or database-backed user storage (supporting SQLite, MySQL, PostgreSQL, and Redis for sessions), session management with configurable timeouts and remember-me functionality, password complexity enforcement, rate limiting for brute force protection, password breach checking via Have I Been Pwned API, and an administrator dashboard for managing users, groups, and access policies.