Managed Modern LDAP / IAM

Managed Kanidm Hosting

Modern Rust-based IAM, built for security and simplicity

License: MIT | GitHub: 3K stars | Infra: 512 MB RAM, 1 vCPU (TLS certificates required)

What is Kanidm?

Kanidm is a next-generation identity management system written in Rust. It provides LDAP, RADIUS, OAuth2, and Unix account management in a single, lightweight, security-first package, without the complexity of traditional IAM systems.

Use cases

  • Linux/Unix shops needing modern SSO with POSIX accounts
  • Organizations modernizing legacy LDAP infrastructure
  • Security-focused teams wanting memory-safe Rust reliability
  • Small orgs wanting simple, low-overhead IAM

Features

  • LDAP v3 server for legacy application compatibility
  • OAuth2 / OIDC provider
  • RADIUS server built-in
  • POSIX account and group management
  • WebAuthn as the primary authenticator
  • Unix PAM and NSS integration

Simple, transparent pricing

Same software, fraction of the cost.

Starter

Up to 100 users

From $20/mo
  • Kanidm server (managed TLS)
  • Up to 100 user accounts
  • LDAP + OAuth2 / OIDC
  • WebAuthn MFA
  • Daily backups
  • Email support

Most popular

Business

Up to 500 users

From $30/mo
  • Everything in Starter
  • Up to 500 users
  • RADIUS server
  • Unix POSIX accounts
  • Group policy management
  • Priority support

Enterprise

Unlimited users

From $40/mo
  • Everything in Business
  • Unlimited users
  • Custom schema extensions
  • Replication setup
  • SLA-backed uptime
  • Dedicated account manager

Every plan includes

Managed hosting

Dedicated bare-metal servers

Automated backups

Daily backups with 30-day retention

SSL included

Automatic HTTPS with Let's Encrypt

Monitoring

24/7 uptime monitoring and alerting

Compliance-ready hosting

Every managed deployment runs on EU infrastructure. Data Processing Agreement available on request. All services covered under a single DPA.

View compliance documentation →

Frequently asked questions

What makes Kanidm different from OpenLDAP or FreeIPA?

Kanidm is written in Rust, so the attack surface from memory-safety bugs is significantly smaller. It also integrates LDAP, OAuth2/OIDC, RADIUS, and Unix POSIX accounts in a single binary with no separate directory server or Kerberos stack to maintain.

Can Kanidm authenticate Linux workstations via PAM/NSS?

Yes. Kanidm ships a Unix client that plugs into PAM and NSS, allowing Linux machines to resolve users and groups from Kanidm and authenticate via SSH keys or WebAuthn. POSIX accounts are available on Business and Enterprise plans.

Does Kanidm support WebAuthn as an MFA option?

WebAuthn is Kanidm's primary authenticator, not just a second factor. Users enroll a passkey or security key and log in without a password at all. TOTP is also supported as a fallback.

What user limits apply per plan?

Starter covers up to 100 users with LDAP and OAuth2/OIDC. Business extends to 500 users and adds RADIUS and Unix POSIX accounts. Enterprise is unlimited users with custom schema extensions and replication.

Ready to get started with Kanidm?

Your instance is provisioned in minutes. No credit card required for a consultation.

Contact us