authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Keycloak, and Ping. Authentik Security is a public benefit company building on top of the open source project.

Starting with version 2025.10, authentik supports both SAML single logout and OpenID Connect (OIDC) front-channel logout and back-channel logout.

This means that when you terminate a session in authentik, it sends logout requests to all properly configured applications, ending sessions everywhere.

While SAML single logout has existed for years, OIDC logout specifications are newer, and back-channel logout in particular isn't yet widely adopted by many applications (service providers/relying parties) or other Identity Providers. Even the long supported SAML single logout usually only has front-channel support by applications and IdPs.

What is single logout?​

Single logout (SLO) is the natural complement to single sign-on. With single sign-on, once you authenticate to authentik, you can automatically access all other applications that use authentik as an identity provider. With single logout, once you log out of authentik, you're automatically logged out of all properly configured applications that you accessed through authentik.

Single logout works by leveraging the SAML protocol's single logout service URL and OIDC's front-channel and back-channel URLs specified in the spec. When a request is sent via the IdP to the application's configured logout URL, the application terminates the user's session.

Without single logout, when a user logs out of an IdP, their sessions stay active with every application they logged into, meaning either:

1. The user will have to manually visit each application and log out.

2. An administrator will have to visit each application manually and log out the user for them.

3. The user will end up leaving a plethora of orphaned accounts that may be vulnerable to being hijacked.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

The first question you might be asking yourself after reading the title of this post is

"Why in the @#$%&! would you do that"

If that wasn't the first thing that came to your mind, you're probably wondering what EAP even is and why you should be so taken aback. Don't worry, I will try to answer both of these questions with this blog post.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source authentik project.

Over a year ago we changed our release cadence to be around every two months, to optimize the rapid delivery of new features without waiting too long and having massively large releases. Version 2025.6 is a strong indicator that this cadence works well; it’s a short, sweet bundle of new features, performance enhancements, and a few minor improvements.

Let’s take a closer look at what’s in the 2025.6 release of authentik, your favorite identity provider.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Entra ID, and Keycloak. Authentik Security is a public benefit company building on top of the open source project.

Identity and access management is a complex, sprawling space. Many of our largest customers come to us having implemented or inherited multiple identity providers, governance solutions, device management platforms, and other point solutions. All of these products help provide access to, or integrate with, many hundreds of applications for thousands of users (or more!) across endless groups and sub-organizations.

A few themes have emerged in why our enterprise customers most frequently choose to add yet another product and migrate their IAM needs to authentik. We will highlight some of those common use cases here in case they apply to your organization.

In short, our customers are saving time and money by streamlining their operations with a more flexible, reliable solution and a more responsive, trustworthy vendor. Here is what we most frequently hear from these customers:

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

With every authentik release, we highlight our commitment to delivering new features that focus on providing solutions for all of our users and the identity management challenges that they face.

Our 2025.4 release of authentik contains new features around increased configuration options for authentik Admins, with a new password history policy, the ability to pre-define a bundled set of permissions, setting reputation score limits to further harden access control, and a new "remember me" option.

This release also provides support for PostgreSQL connection pools, the Kubernetes Gateway API, and the ability to do lookups of LDAP group memberships based on user attributes.

Let's take a closer look at a few of these features.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

The reason your identity provider (IdP) is so important is the same reason they can be so sticky.

Your IdP touches everything in the business: every user across your entire workforce and all your applications. Setting up access for the right people to the right applications takes time, so it’s natural, when considering moving to a new IdP, to fear an equal time commitment for the migration — not just for configuration, but for coordination and communication across the whole company.

Migrations typically involve a large-scale “Day 0” export of rules and accounts from one provider to another. You flip the switch and hope that everything works after manually setting it all up.

As if switching one IdP isn’t hard enough, it’s not uncommon for companies to have multiple solutions stitched together. Individual teams may have come up with their own solutions, or they could have inherited systems from acquisitions or organizational changes. This leads to scenarios where large organizations might even have three or four different IdPs, directories, or other solutions patched together. Each of these might be on its own contract renewal cycle, making it difficult to coordinate a switchover without incurring a cost.

On the one hand, migrating IdPs is intimidating and risky. On the other, you face the administrative cost of maintaining a host of separate identity solutions, plus the security risk of not having a single place for visibility or administration of access.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Many of the high-profile security breaches of the 2010s involved hackers gaining access to username and password pairs. Before multi-factor authentication (MFA) was commonplace, these breaches effectively gave bad actors the keys to the kingdom, since people tend to reuse passwords across platforms and there was no second line of defense against attacks.

Today we have a lot more options for additional authentication steps, which we’ll explore below, while also taking a look at the choices we have made for authentik.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Our first release of the new year, version 2025.2, includes something for everyone, with the addition of a major new provider (Shared Signals Framework), authentication checks for "impossible travel" using our GeoIP policy, and Remote Access Control now available as an open source feature! Let's take a closer look at the 2025.2 release.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta and Auth0, Ping, and Entra ID. Authentik Security is a public benefit company building on top of the open source project.

We're making some updates to our open source and enterprise features and support. These changes allow us to scale with the demand we're seeing for authentik—both open source and enterprise—and maintain our commitment to open source as a Public Benefit Company.

TL;DR:

• Remote Access Control is free and open source!
• No minimum user counts are required for paid plans
• Ticket-based support is available for paid plans over $1,000
• Enterprise support is available for contracts over $20,000

Read more details below!

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.

Our authentik 2024.12 release is compact, sweet, and packed with great goodies, just like the holidays ought to be!

We decided not to hold on to these new features and wait to release of them early next year; they are too good to keep to ourselves. And we all know that the holidays are the best times for escaping into some new code and functionality.

Let’s unpack the 2024.12 release and take a look.