How Authelia Enables Open‑Source Two‑Factor SSO for Your Apps

Everyone is familiar with login systems, and today we introduce Authelia, an open‑source authentication and authorization server that offers two‑factor authentication and single sign‑on (SSO) through a web portal for your applications.

Authelia can be paired with reverse proxies such as Nginx, Traefik, or HAProxy, allowing the proxy to decide whether to allow a request or redirect it to Authelia’s portal for authentication.

Below is a simple architecture diagram:

Authelia can be installed as a standalone service from AUR, APT, FreeBSD ports, or via static binaries, .deb packages, Docker, Kubernetes, or even a Helm chart (beta) that works with ingress controllers.

Here is what the Authelia login page looks like:

Authelia’s main features include:

Multiple second‑factor methods.

Email‑based password reset verification.

Access restriction after too many failed authentication attempts.

Fine‑grained access control rules matching subdomains, users, group memberships, request URI, method, network, and other conditions.

Choice between single‑factor and two‑factor strategies per rule.

Basic authentication support for endpoints protected by single‑factor policies.

High availability using remote databases and Redis as KV stores.

ForwardAuth middleware compatibility with out‑of‑the‑box Traefik.

LinuxServer’s Swag container and provided configuration.

Kubernetes support.

Beta support for OpenID Connect.

Currently, Authelia has received 9.9K stars and 472 forks on GitHub.

GitHub repository: https://github.com/authelia/authelia