Skip to main content

2 posts tagged with "IdP"

View All Tags

Identity: Self-hosted or in the cloud?

· 11 min read
Fletcher Heisler
CEO at Authentik Security Inc

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.


In October 2023, Cloudflare announced that they had discovered yet another Okta compromise.

Cloudflare had to warn Okta first and show them how they had been breached via an insecure setup with a third-party service provider. A leading company offering security and identity as a service instead introduced insecurity.

Over the past decade or so, SaaS has become the dominant model for delivering software, and yet, such incidents aren’t surprising. The SaaS business model was supposed to align vendor and customer interests, while the technology allowed rapid updates and improvements. SaaS was supposed to bring an end to throwing software over the wall and letting customers deal with it.

Recently, however, we’ve seen many companies fleeing SaaS providers to build private clouds and run self-hosted software. At Authentik Security, we have seen more and more customers canceling legacy SaaS providers to take back control of their identity needs with our self-hosted solution.

At first glance, it looks like people are going back in time, but self-hosted software has advanced despite the popularity of SaaS and is increasingly likely to beat SaaS options across numerous measures. In this post, I’ll walk through why the industry defaults have changed and why we believe in focusing on a self-hosted product.

Security through transparency

· 8 min read
Fletcher Heisler
CEO at Authentik Security Inc

authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company building on top of the open source project.


The XZ backdoor incident spooked a lot of people. Not all PRs are innocent—even from long-standing contributors—and this one would have created a backdoor in a utility included in almost all Linux distributions, had it not been caught.

But “open source = more vulnerable to exploits” is the wrong takeaway—being open source can actually be an advantage for security-focused products.