Authelia is an open-source authentication application which can be used for single sign-on and 2FA (two-factor authentication) for applications through a login portal.
Main Features of Authelia
- Several kinds of second factor authentication:
- Security Key (U2F) with Yubikey.
- Time-based One-Time password with Google Authenticator.
- Mobile Push Notifications with Duo.
- Password reset with identity verification using email confirmation.
- Single-factor only authentication method available.
- Access restriction after too many authentication attempts.
- Fine-grained access control per subdomain, user, resource and network.
- Support of basic authentication for endpoints protected by single factor.
Example of the Authelia Flow
Docker Compose Example
Authelia provides different configuration types depending on the required types of authentication and external dependencies. If used in a small scale for public services the Lite bundle should be fine. Take a look at the Authelia Github page for more information.
Authelia Reverse Proxy Setup
I use the Swag Nginx Docker container which includes Authelia built in but needs to be enabled. Additional information for troubleshooting can be found on the Proxy Integration page maintained by Authelia.
Authelia provides additional security to any services or hosted applications which are public facing and might not provide its own login method or where a 2FA is needed. Installation requires no coding to integrate and is done with some basic configuration files and reverse proxy setup which is all covered in the documentation.