43 posts tagged with "authentication"

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

We’ve already seen high-profile migrations away from microservices (for example Amazon, Uber, and Google), and just recently The Pragmatic Engineer shared how teams at some companies have suffered in the wake of mass layoffs, as there simply aren’t enough staff to operate the thousands of services built by what used to be much larger engineering organizations. The tide has turned against microservices.

We’re happy to see a shift away from architecture inspired by buzzwords. In many cases (especially if you’re a small startup), you really don’t need microservices, you just need well-demarcated code. There are some good use cases for microservices however—when they address a genuine technical challenge—and this article is about one of them.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

Since November 2022, authentik has gone from an open source project with one maintainer writing most of the code (me), to having a real business built on top of it—with six full-time team members across the globe. We celebrated the company’s first birthday last year, but I wanted to share some personal reflections from my own journey from maintainer to CTO.

What’s worked​

Standardizing and templatizing (on some things)​

One of the advantages of a greenfield environment is being able to choose my own constellation of tools and workflows to make things as easy and efficient as possible.

You might think that standardizing of any sort is the remit of scale-ups and big corporations with compliance requirements, but the business efficiency and simplicity that comes with it is also a huge bonus for lean startups.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

In January of 2024, a well-known open-source maintainer wrote the following message to a contributor: “You copied that function without understanding why it does what it does, and as a result your code IS GARBAGE. AGAIN.”

If you’ve been in open source long enough, you might recognize the tone of Linus Torvalds, creator and lead developer of the Linux kernel. Torvalds’ sometimes cruel messages aren’t rare (there’s a whole subreddit for these rants, after all). But in this case, the target – Google engineer Steven Rostedtstands – stands out.

If we put aside the substance of the disagreement, we can acknowledge that the tone can be intimidating – not so much to Rostedtstands, who can likely handle himself, but to onlookers who are curious about contributing. Not all of open source is like this, of course, but enough of it is like this (or close to this) that exchanges like these can make contributing to open source scarier than it needs to be.

How can a brand new contributor, much less a Google engineer, feel brave enough to contribute?

The initial temptation, for me and probably many open-source fans, is to tell new contributors it’ll all be fine. There are bad parts, we might say, but there are good parts, too. But this approach risks invalidating their fears.

In this article, I’m going to lay out five real reasons why contributing to open source can be scary for new contributors. Alongside those reasons, though, I’m going to provide five practical ways to face the fears and contribute anyway.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

Hello world! I'm excited to be joining Authentik Security as CEO. I wanted to take this opportunity to share the experience of my first week with the community and a bit about my background.

At the start of my very first "official" day on the job, I got an overview of the various applications we use from Jens, our founder and CTO. If you have ever been through a company onboarding process, you know that it might take a few days up to a couple weeks to get access to everything, sometimes even longer. In a small and agile startup, that might be as little as a day if you're lucky.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

We are happy to announce that 2024 is starting off great, with our first release of the year chock full of new features. Take a look at the new features and functionality included in the release, check out the Release Notes for more details and upgrade instructions, and enjoy the new features!

We confess we are possibly the most excited about this release than any in a while, with some new Admin-level capabilities, enhanced functionality for developers (our DX game is heating up!), and some great UX/usability and customization enhancements.

Let’s start with some of the big features, the ones that kept us busy over the holidays and into the new year.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

In 2024, Tom Scott and Jynn Nelson, otherwise different people in different worlds, faced very similar problems.

• Tom Scott is a YouTuber who, as of this writing, has gotten nearly 2 billion views across over 700 videos. Nearly 6.5 million people subscribe to Tom Scott’s YouTube channel.
• Jynn Nelson, a senior engineer, is a major maintainer of Rust, an open-source project that 2023 StackOverflow research showed was the most admired language among developers. About 2.2 million people are Rust developers.

In a goodbye video, Scott announced an extended break from his channel, saying, "I am so tired. There's nothing in my life right now except work.”

In a post called the rust project has a burnout problem, Nelson wrote, articulating sentiments across the Rust community, “you want a break, but you have a voice in the back of your head: ‘the project would be worse without you.’”

It’s unfortunate that this comparison makes the best opening to the point of this post: open source developers are much more like content creators than most people tend to assume.

If anything, when you look at the history of the Internet and the history of distributing content online, open source developers might be the original content creators.

By looking at the paths they have both paved and recontextualizing their work within a broader view of the creator economy, we can come to a better understanding of the shared futures of content creators and open source developers.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

At the time of writing this post, the downfalls of using YAML as a templating language are being debated on Hacker News. The headache of trying to customize Helm charts is a gripe we share at Authentik, which we’ll get into below.

This post is about how we test and deploy authentik using containers, some gotchas we’ve encountered, and lessons we’ve picked up along the way.

When the company founder is from an Infrastructure background, and the first person he decides to hire (that's me!) is also from Infra, you can imagine that we end up with some pretty strong opinions about tools and processes.

This is part of an ongoing series about the tools and products that make up authentik’s stack (you can also read about our infrastructure tooling choices and what’s in our security stack).

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

Last year we shared our (mostly free and open source) security stack, including tooling we use for basic security coverage like visibility, dependency management, penetration testing, and more. Even with these tools set up, there are still activities and practices you need to do routinely and proactively to ensure you’re not at risk.

There are frameworks you can look to (e.g. NIST, OWASP SAMM) but these can be overwhelming if you’re a one-person team or new to security. If you’re coming into 2024 with a fresh resolve to improve your security posture, here’s our advice on what to prioritize (and where you can automate).

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

A hearty Happy New Year to you all, from all of of us at Authentik Security, with sincere wishes that your 2024 may be filled with a maximum of joys (new features and elegant code) and a minimum of pains (bugs and the dreadful reality of not-enough-time).

The start of a new year makes me want to first say thank you for the past year.

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and auth0. Authentik Security is a public benefit company building on top of the open source project.

With great power (to choose your own tools) comes great responsibility. Not inheriting a legacy toolchain is an infrastructure engineer’s dream, but it can be hard to know where to start.

As the first infrastructure engineer hired to work on authentik, I saw the greenfield opportunities, but also the responsibility and long-term importance of choosing the best stack of tools and build processes. From my past roles, I already knew many of the considerations we would need to factor in.

For example, we know that ease of maintenance is a primary consideration, as is the stability and probable longevity of the tool, how well the tools integrate, and of course the level of support we were likely to get for each tool.

In this post we share some of what we are using to build authentik, and the lessons behind those choices.