Managed Modern LDAP / IAM
Managed Kanidm Hosting
Modern Rust-based IAM, built for security and simplicity
What is Kanidm?
Kanidm is a next-generation identity management system written in Rust. It provides LDAP, RADIUS, OAuth2, and Unix account management in a single, lightweight, security-first package, without the complexity of traditional IAM systems.
Use cases
- Linux/Unix shops needing modern SSO with POSIX accounts
- Organizations modernizing legacy LDAP infrastructure
- Security-focused teams wanting memory-safe Rust reliability
- Small orgs wanting simple, low-overhead IAM
Features
- LDAP v3 server for legacy application compatibility
- OAuth2 / OIDC provider
- RADIUS server built-in
- POSIX account and group management
- WebAuthn as the primary authenticator
- Unix PAM and NSS integration
Simple, transparent pricing
Same software, fraction of the cost.
Starter
Up to 100 users
- Kanidm server (managed TLS)
- Up to 100 user accounts
- LDAP + OAuth2 / OIDC
- WebAuthn MFA
- Daily backups
- Email support
Business (most popular)
Up to 500 users
- Everything in Starter
- Up to 500 users
- RADIUS server
- Unix POSIX accounts
- Group policy management
- Priority support
Enterprise
Unlimited users
- Everything in Business
- Unlimited users
- Custom schema extensions
- Replication setup
- SLA-backed uptime
- Dedicated account manager
Every plan includes
Managed hosting
Dedicated bare-metal servers
Automated backups
Daily backups with 30-day retention
SSL included
Automatic HTTPS with Let's Encrypt
Monitoring
24/7 uptime monitoring and alerting
Compliance-ready hosting
Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.
Frequently asked questions
What makes Kanidm different from OpenLDAP or FreeIPA?
Kanidm is written in Rust, so the attack surface from memory-safety bugs is significantly smaller. It also integrates LDAP, OAuth2/OIDC, RADIUS, and Unix POSIX accounts in a single binary with no separate directory server or Kerberos stack to maintain.
Can Kanidm authenticate Linux workstations via PAM/NSS?
Yes. Kanidm ships a Unix client that plugs into PAM and NSS, allowing Linux machines to resolve users and groups from Kanidm and authenticate via SSH keys or WebAuthn. POSIX accounts are available on Business and Enterprise plans.
Does Kanidm support WebAuthn as an MFA option?
WebAuthn is Kanidm's primary authenticator, not just a second factor. Users enroll a passkey or security key and log in without a password at all. TOTP is also supported as a fallback.
What user limits apply per plan?
Starter covers up to 100 users with LDAP and OAuth2/OIDC. Business extends to 500 users and adds RADIUS and Unix POSIX accounts. Enterprise is unlimited users with custom schema extensions and replication.
Ready to get started with Kanidm?
Your instance is provisioned in minutes. No credit card required for a consultation.