This Tool Fixed Auth Across My Entire Stack (Authentik)
Better Stack
Transcript
00:00:00Your stack probably looks clean until you hit the login page.
00:00:03One service for local auth, another has no multi-factor, another has a completely different
00:00:08user system. And now you're managing different logins across Docker or Kubernetes. It works
00:00:14until it really doesn't. This is Authentik. A self-hosted tool that gives you SSO, MFA,
00:00:20passkeys, and central control across everything. I'll show you how to spin it
00:00:25and how to set it up over the next few minutes.
00:00:30[Music]
00:00:32Authentik is an open-source, self-hosted identity provider. Basically, it becomes a login system
00:00:39for all your apps. Instead of every service handling auth badly on its own or us tinkering
00:00:44things together, Authentik handles it all in one place. I get SSO, multi-factor authentication,
00:00:50user management, and access control. Think Okta, but you actually own it since it's open source.
00:00:56It supports everything you'd expect, but here's the big difference. Instead of fighting
00:01:01XML configs or being stuck in SaaS rules, Authentik uses Flow, Stages, and Python policies.
00:01:08So you build auth logic like a dev. That's the win here. It is really less fragmentation,
00:01:14better security, and no login. If you enjoy tools that speed up your workflow,
00:01:18be sure to subscribe. We have videos coming out all the time.
00:01:21More devs are moving away from clunky setups and cloud IDPs, not because Authentik is smaller,
00:01:28because it's more usable. Let me show you what this actually looks like.
00:01:32Now here I am with a fresh server, and with one command, "docker compose up," Authentik is running.
00:01:39That's really all we need here. Now I can open the admin UI, I can create an app,
00:01:44and I can add in OAuth as the provider or choose anything here. That takes less than 30 seconds.
00:01:50Next, I spin up a dummy app. Nothing really is going on here. I'm just going to set the
00:01:54redirect URL, localhost, drop in the client ID and secret that I got from Authentik, and now login.
00:02:01That's really it. I can add new users here and use them to log in with,
00:02:07so now I have access as the user instead of the admin. I don't have any custom login page,
00:02:13there's no password system to try and maintain, and there's no patchwork auth across services.
00:02:19This took about 90 seconds, and this app now has more production grade authentication.
00:02:24That's the moment this all clicks. It looks like it should be complex,
00:02:27but in practice it's rather simple. I can link together this whole authentication system here,
00:02:32choose how I want to do it on Authentik. But now how does this compare? Because there are others.
00:02:38We have Keycloak. Keycloak is great, but it still feels really legacy heavy, it's more enterprise.
00:02:45Authelia is lightweight, but you can outgrow it fast. And then I mentioned Okta earlier,
00:02:50or even Auth0. These are polished, but we're paying, especially as you get more users.
00:02:56Authentik sort of lands in the middle of all this, right? There's full identity management,
00:03:01there's a visual flow builder, it was really flexible, and we don't have to pay all these SaaS
00:03:05costs. Now there is a paid version of this, okay, which I don't like at all, but the open source for
00:03:12a lot of us, we can do a lot with that. If you're scaling a lot, then you're going to be paying for
00:03:16that stuff. Again, I like open source tools. This is really open source, but we have to pay for a
00:03:22little if you're going to scale this a lot. The UI is modern and intuitive. The flow lets you visually
00:03:27build login logic. So all of this is great. And then having those Python policies gives you those
00:03:33detailed customizations when config isn't enough. Docker-first, works with Kubernetes, and it's API
00:03:40driven. All of this is really good. Plus you get a centralized MFA user management and a service
00:03:47portal all in one place. Now there are downsides. So firstly, yes, it is open source. And for many
00:03:52of us, that's great. But as you grow, as I mentioned, you need to pay, which I guess is like
00:03:58any service, sure. But you still don't like having to pay once you hit a certain limit. I don't like
00:04:04that, right? There is a learning curve. Honestly, it was kind of confusing to just get this installed,
00:04:09but once it was up and running, it worked really well. It's heavier than ultra lightweight tools
00:04:13as well. It's around two gigabytes of RAM. And if you don't run high availability, it becomes a
00:04:19single point of failure. So it's not perfect, but for most devs, we land on the same conclusion,
00:04:26right? It's hard to learn at first, but once we get it going, it's actually pretty useful.
00:04:30It's really good. It links a bunch of different things together. Now, is it worth it? Well,
00:04:35you guys be the judge of that. I mean, if you run a self-hosted stack, yeah, like home lab,
00:04:40internal tools, SaaS, on-prem apps, that's going to be great. It's really useful for this.
00:04:45If you want real SSO and MFA everywhere, this solves a problem you already have. If you want
00:04:50control instead of pricing, it makes even more sense. And if you need custom auth logic, this
00:04:56is where it does really well. Now it does that well, but it's not going to be for you if you
00:05:00want something ultra lightweight with almost no setup. You got to set this up. Or if you
00:05:06are really scaling, then honestly, other paid providers are going to be better. But for most
00:05:11of us, once you set this up and something changes, auth stops being scattered across every app and
00:05:16becomes one system you actually control. And once you get used to it, it's hard to go back. At
00:05:22least this makes a lot of sense. It's a cool tool to build into our workflows. If you enjoy open source
00:05:27tools and coding tips that speed up your workflow, be sure to subscribe to the Better Stack channel.
00:05:32We'll see you in another video.