Skip to main content

Managed IAM / SSO

Managed Authentik Hosting

Modern open-source SSO: flow-based, developer-friendly, fully managed

License: MIT (core) GitHub: 15K stars Infra: 1–2 GB RAM, 1 vCPU

What is Authentik?

Authentik is a modern identity provider built for the cloud era. Its flow-based authentication builder, built-in LDAP and proxy providers, and clean UI make it easy to operate and configure, covering all common enterprise SSO use cases.

Use cases

  • Organizations wanting a modern, easy-to-operate identity provider
  • Teams protecting internal tools with reverse-proxy SSO
  • Zero-trust access gateway for internal services
  • Organizations needing LDAP for legacy apps alongside OIDC

Features

  • Flow-based authentication and enrollment builder
  • OIDC, OAuth2, SAML 2.0, LDAP, RADIUS, SCIM
  • Built-in proxy provider for header-based auth
  • MFA (TOTP, WebAuthn, Duo)
  • LDAP outpost for legacy applications
  • Blueprints for declarative configuration

Simple, transparent pricing

Same software, fraction of the cost.

Starter

Up to 500 users

From $30 /mo
  • Authentik + PostgreSQL + Redis
  • Up to 500 user accounts
  • OIDC / OAuth2 / SAML
  • Basic MFA (TOTP)
  • Daily backups
  • Email support
Contact us

Most popular

Business

Up to 5,000 users

From $45 /mo
  • Everything in Starter
  • Up to 5,000 users
  • LDAP and proxy providers
  • WebAuthn support
  • Custom flow branding
  • Priority support
Contact us

Enterprise

Unlimited users

From $60 /mo
  • Everything in Business
  • Unlimited users
  • RADIUS outpost
  • SCIM provisioning
  • SLA-backed uptime
  • Dedicated account manager
Contact us

Every plan includes

Managed hosting

Dedicated bare-metal servers

Automated backups

Daily backups with 30-day retention

SSL included

Automatic HTTPS with Let's Encrypt

Monitoring

24/7 uptime monitoring and alerting

Compliance-ready hosting

Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.

View compliance documentation →

Frequently asked questions

What authentication protocols does Authentik support?

Authentik covers OIDC, OAuth2, SAML 2.0, LDAP, RADIUS, and SCIM. The built-in proxy provider also handles header-based auth for applications that lack native SSO support.

How does Authentik's proxy provider work for protecting internal tools?

Authentik deploys a lightweight outpost in front of your services. HTTP requests pass through it, and only authenticated sessions reach the upstream application. No changes to the app itself are needed.

Does SCIM provisioning require the Enterprise plan?

Yes. SCIM outbound provisioning to external directories is available on the Enterprise plan alongside the RADIUS outpost. Business and Starter cover OIDC, SAML, LDAP, and proxy authentication.

Can I export my Authentik configuration for migration?

Yes. Authentik's blueprint system exports your flows, stages, providers, and application bindings as YAML. We use those blueprints to import your setup into the managed instance with no manual recreation.

Ready to get started with Authentik?

Your instance is provisioned in minutes. No credit card required for a consultation.

Contact us