Apache-2.0

Authelia

Lightweight authentication and authorization layer for reverse proxies

A self-hosted authentication gateway often used in front of web apps to provide MFA and access policies.

Visit Authelia View repository
Authelia main image

In depth

What it is

Authelia is a self-hosted authentication gateway often used in front of web apps to provide MFA and access policies.

Key features

  • Forward auth - Reverse-proxy authentication for internal web apps.
  • MFA - Multi-factor authentication with common second-factor methods.
  • Policies - Access control rules by domain, path, and user group.
  • OIDC - OIDC provider capabilities (configuration-dependent).

Strengths

  • Forward auth - Reverse-proxy authentication for internal web apps.
  • MFA - Multi-factor authentication with common second-factor methods.
  • Policies - Access control rules by domain, path, and user group.

Trade-offs

  • Scope - Not a full directory service or complete IdP replacement.
  • Integration - Requires proxy integration and consistent header handling.
  • Operations - Self-hosting adds upgrades, backups, and monitoring.

Pricing

Open-source software. Direct license cost is zero; costs are typically infrastructure, operations, and optional paid support or hosting.

Explore alternatives
Okta logo

Okta

Enterprise identity platform for SSO and lifecycle management

Microsoft Entra ID logo

Microsoft Entra ID

Cloud identity service for workforce and apps

Keycloak logo

Keycloak

Open-source IAM for SSO, OIDC, and SAML

authentik logo

authentik

Self-hosted identity provider with flexible authentication flows

See more