Authelia - The Single Sign-On Multi-Factor Authentication Server

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia's portal for authentication. Authelia works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Its features include:

• Login portal to allow your users to login once and access everything.
• Users stored in a LDAP to provide their username and password as first factor.
• U2F security keys like Yubikeys as second factor.
• Supports Time-base one-time password generated by apps like Google Authenticator.
• Mobile push notifications is the new trendy second factor method. When second factor is requested by Authelia, a notification is sent on your phone that you can either accept or deny.
• Password reset - let your users reset their passwords with email confirmation in a few clicks.
• Regulates the number of login attempts made by a user to avoid brute force attacks.
• supports U2F security keys like Yubikeys as second factor.
• Allows to define a fine-grained rule-based access control policy in configuration
• supports the OpenID Connect OP role as a beta feature. The OP role is the OpenID Connect Provider role, not the Relaying Party or RP role. This means other applications that implement the OpenID Connect RP role can use Authelia as an authentication and authorization backend similar to how you may use social media or development platforms for login.