authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.
Even though we are shouting Happy Birthday to Us, we want to start by saying:
Thank You to you all, our users and supporters and contributors, our questioners and testers!
We simply would not be here, celebrating our 1-year mark, without your past and present support. While there are only 7 employees at Authentik Security, we know that our flagship product, authentik, has a much bigger team... you all! Our contributors and fellow builders and users are on the same team that took us this far, and we look forward to continuing the journey with you to build our amazing authentication platform on authentik!
Our CTO, Jens Langhammer, began coding authentik in 2018, with the first commit on November 11. By October of 2021 there was already excitement around the project, much of it on Reddit, not your usual suspect for open source news. The enthusiasm about the SSO project caught eyes in the ecosystem.
The initial emails about building a company happened in April 2022, when Open Core Ventures approached Jens and expressed interest in supporting his open source project with funding and operational guidance. A matter of months later, and some hard thinking by Jens, the dotted lines were signed, the funding was there, and in November of 2022 Authentik Security was founded.
There are hundreds of thousands of open source projects out there; to have authentik selected, and deemed robust and useful enough to receive backing and support, with an opportunity to turn it into a proper company with the resources needed to keep building new features, was a remarkable opportunity.
Sure, building a community is an exciting opportunity, but it's also a slightly terrifying one. Those of us who work in open source ecosystems understand well how important it is to simultaneously demonstrate steady growth and dedication to the project, a willingness to take risks, and above all, value. Building software is almost always fun; building software that solves problems is also really hard work.
Fast forward a year (and it WAS fast!)…
A year flies when you’re having fun
A lot happens in a year. This week we are celebrating our 1st full year as an incorporated company. The past year was focused on Jens settling into his role as CTO, hiring the team, pulling us all together to keep releasing new features, and learning the joy of pre-sales work and calls with customers. (Hint: he’d rather be coding!)
Once you get to know Jens, you won’t be surprised to his answer about what he was most looked forward to about building up a team and a company and further building out the product:
- Building [even more] cool features that he didn’t have the time to do all himself, and hiring professionals to do specialized work.
- Building something that outlasts the builder… something useful to the world, working with other founders, and taking a project to a product to a software staple.
Building a new team from scratch
That task alone will scare most of us. In software, team work is most definitely what makes the dream work, so finding the right talents and skills sets and experiences to compliment Jens’ deep technical skills and full-stack experience was of paramount importance. We now have developers with expertise in frontend and backend development, infrastructure, and security, a well as a content editor.
Of course, it is not just the technical skills that a potential new hire needs; as important are less-measurable skills like collaboration, communication, and perhaps most importantly, what we call “technical curiosity”.
How does this thing work, from whom can I learn more, and with whom can I share my knowledge?
We have that team now, and are grateful for it. Celebrating the one-year mark of Authentik Security means a lot to us!
Keep those PRs merging
Keeping new functionality rolling out (and keeping up with Issues and PRs in our repository) never slowed down much, even during the period of incorporating as a company and building a team. Support for new providers, becoming OpenID certified, adding support for SCIM and RADIUS protocols, and a lot more.
Right at the end of our first year, we released our Enterprise version, with dedicated support. And just last week, we rolled out one of the most important capabilities in an identity management platform: RBAC (role-based access control).
New processes, new ideas, and expected growing pains
With a new team, come new processes. Someone has to decide which emoji to use for which infrastructure task that’s completed.
OK, ok, beyond selecting emojis, we also (slowly and deliberately) defined new logical and pragmatic ways to create discrete work tasks and to track work by sprints. This effort went in fits and stops and starts; now we move much more rapidly with our defined tasks and open communication about who is working on what. We are also formalizing our release processes, doubling-down on our CI/CD pipeline and deployment packaging testing, and implementing technical review for all published content.
Increased team size means more ideas, often brought in by someone on the team who gained experience in a certain area on their previous job. For example, some of our happy implementations include moving to ArgoCD (yay for deploying your PR’s app modifications in a test environment!), a suggestion from our Infrastructure engineer. As was the decision to move fully to IPv6 (look for an upcoming blog about that soon!). Our frontend developer is busy building the UI layer for new features (RBAC is here!) and as he goes, templatizing our frontend workflows and components. Further expertise in APIs, security, and technical content are part of the team.
We can say that our growing pains haven’t been too dreadful. Sure, there was the one month when we went back and forth between three tools for tracking work tasks, but… In general, there’s nothing that a good conversation and some testing can’t solve.
Perhaps the biggest growing pain is the rest of the team learning how to prevent the founder from working himself into exhaustion. ;-)
A founder’s brain and heart
Our team at authentik has a shared love of building things, and that shapes both how we work together and also our product, even how we communicate with our community.
An interesting offset to our shared love of building is the shared sense of humility, of which we get daily doses from Jens.
To build boldly yet with humility is what sets some founders apart from others.
The tone and espirit of the company is one reason it’s so meaningful to celebrate our 1-year birthday; we can happily celebrate a hard year of doing things with full, enthusiastic engagement. At authentik, nerdiness is embraced, technical curiosity flourishes, and transparency is a big part of our nature. Speaking of how we communicate with our community, our Discord forum is (in addition to GitHub) an important place where transparency matters. For example, we recently asked our community what they preferred for a release cycle. Based on the answers, we lengthened the release time from from monthly to every two or three months.
Moving from a role of solo creator of an open source project, to being primary maintainer of a popular, growing project, to suddenly being CTO of a company based on that project is a quite a transition. A natural question we wanted to ask Jens is “What’s been the hardest thing about building a company?” His answers:
- “Recognizing and accepting that you don’t get to work on only what you want to, 100% of time… “
- “Learning to delegate, learning to let go a bit, trusting others to do it in their way, in the right spirit. Especially letting others get into the code… I’ve learned that instead of saying ‘I would not have done it this way’, I instead measure the success of the change itself.”
What’s up next?
Going forward, we want to keep our focus on building features and supporting authentication protocols that our users want, but we have also identified several specific goals for this coming year:
- Increase our focus on UX and ease-of-use, templatizing as much as possible of the frontend components, and developing a UI style Guide
- Research and implement new functionality around remote machine access and management
- Defining increasingly robust tests and checks for our CI/CD pipeline and build process
- Implementing even stronger integration and migration testing, both automated and manual
- Spending more time on outreach and learning from our users about what you all want and where we can improve.
This space of security and authentication is a hard space, especially with larger configurations with multiple providers, large user sets to be imported, and the absolute minute-by-minute race against malevolent hackers.
Oh, and then there is that business of actually promoting and selling your product. But, as a team, we are proud of the product and excited to share it with others who need a solid, secure authentication platform.