Managed IAM / SSO
Managed Authentik Hosting
Modern open-source SSO: flow-based, developer-friendly, fully managed
What is Authentik?
Authentik is a modern identity provider built for the cloud era. Its flow-based authentication builder, built-in LDAP and proxy providers, and clean UI make it easy to operate and configure, covering all common enterprise SSO use cases.
Use cases
- Organizations wanting a modern, easy-to-operate identity provider
- Teams protecting internal tools with reverse-proxy SSO
- Zero-trust access gateway for internal services
- Organizations needing LDAP for legacy apps alongside OIDC
Features
- Flow-based authentication and enrollment builder
- OIDC, OAuth2, SAML 2.0, LDAP, RADIUS, SCIM
- Built-in proxy provider for header-based auth
- MFA (TOTP, WebAuthn, Duo)
- LDAP outpost for legacy applications
- Blueprints for declarative configuration
Simple, transparent pricing
Same software, fraction of the cost.
Starter
Up to 500 users
- Authentik + PostgreSQL + Redis
- Up to 500 user accounts
- OIDC / OAuth2 / SAML
- Basic MFA (TOTP)
- Daily backups
- Email support
Most popular
Business
Up to 5,000 users
- Everything in Starter
- Up to 5,000 users
- LDAP and proxy providers
- WebAuthn support
- Custom flow branding
- Priority support
Enterprise
Unlimited users
- Everything in Business
- Unlimited users
- RADIUS outpost
- SCIM provisioning
- SLA-backed uptime
- Dedicated account manager
Every plan includes
Managed hosting
Dedicated bare-metal servers
Automated backups
Daily backups with 30-day retention
SSL included
Automatic HTTPS with Let's Encrypt
Monitoring
24/7 uptime monitoring and alerting
Compliance-ready hosting
Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.
Frequently asked questions
What authentication protocols does Authentik support?
Authentik covers OIDC, OAuth2, SAML 2.0, LDAP, RADIUS, and SCIM. The built-in proxy provider also handles header-based auth for applications that lack native SSO support.
How does Authentik's proxy provider work for protecting internal tools?
Authentik deploys a lightweight outpost in front of your services. HTTP requests pass through it, and only authenticated sessions reach the upstream application. No changes to the app itself are needed.
Does SCIM provisioning require the Enterprise plan?
Yes. SCIM outbound provisioning to external directories is available on the Enterprise plan alongside the RADIUS outpost. Business and Starter cover OIDC, SAML, LDAP, and proxy authentication.
Can I export my Authentik configuration for migration?
Yes. Authentik's blueprint system exports your flows, stages, providers, and application bindings as YAML. We use those blueprints to import your setup into the managed instance with no manual recreation.
Ready to get started with Authentik?
Your instance is provisioned in minutes. No credit card required for a consultation.
Contact us