authentik version 2025.6 is here!

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source authentik project.

---

Over a year ago we changed our release cadence to be around every two months, to optimize the rapid delivery of new features without waiting too long and having massively large releases. Version 2025.6 is a strong indicator that this cadence works well; it’s a short, sweet bundle of new features, performance enhancements, and a few minor improvements.

Let’s take a closer look at what’s in the 2025.6 release of authentik, your favorite identity provider.

New features

• mTLS stage: (Enterprise) The Mutual TLS stage enables authentik to use client certificates to enroll and authenticate users. These certificates can be local to the device or available via PIV Smart Cards, Yubikeys, etc. For environments where certificates are already rolled out, this can make authentication a lot more seamless. Refer to our technical documentation for more information.
• Email verification compatibility with link scanners: We have improved compatibility for environments with automated scanning software that inadvertently invalidated one-time links sent by authentik.
• LDAP source sync forward deletions: With this option enabled, users or groups created in authentik via LDAP sources will also be removed from authentik if they are deleted from the LDAP source. For more information, please refer to our LDAP source documentation.

Enhancements

• Provider sync performance: We have implemented parallel scheduling for outgoing syncs to provide faster synchronization.
• Branding: Custom branding should now be more consistent on initial load, without flickering.
• Remote Access Control (RAC) improved documentation: Added content about how to authenticate using a public key and improved the wording and formatting throughout the topic.

Changes to be aware of

You’ll want to carefully review this section and make any needed changes.

• Helm chart dependencies upgrades:

  • The PostgreSQL chart has been updated to version 16.7.4. The PostgreSQL image is no longer pinned in authentik's default values and has been upgraded from version 15 to 17. Follow our PostgreSQL upgrade instructions to update to the latest PostgreSQL version.
  • The Redis chart has been updated to version 21.1.6. There are no breaking changes and Redis has been upgraded from version 7 to 8.

• Deprecated and frozen :latest container image tag after 2025.2

  Using the :latest tag with container images is not recommended as it can lead to unintentional updates and potentially broken setups. The tag will not be removed, however it will also not be updated past 2025.2. We strongly recommended the use of a specific version tag for authentik instances' container images, such as :2025.6.

• CSS: We’ve made some improvements to our theming system. If your authentik instance uses custom CSS, you might need to review flow and user interfaces for any visual changes.

New integration guides

We have added several important integration guides, with instructions for how to configure authentik SSO for important applications such as Stripe, Atlassian Cloud, Pangolin, and many others. Several of these guides were submitted by our community members; Thank You for these contributions!

• Atlassian Cloud (Jira, Confluence, etc)
• Coder
• FileRise
• Komodo
• Pangolin
• Push Security
• Stripe
• Tailscale
• YouTrack

Upgrade to version 2025.6

Refer to our Upgrade documentation and the Release Notes for detailed instructions.

Enjoy the new release, and as always, reach out to us with any questions or feedback! Connect with us on GitHub, Discord, or with an email to [email protected].