Authelia
Self-hosted authentication server with TOTP, WebAuthn, and SSO
Overview
Authelia is an open-source authentication and authorization server that acts as a companion to reverse proxies like Nginx or Traefik, providing two-factor authentication and single sign-on for self-hosted applications. While primarily an identity gateway rather than a password vault, it manages user credentials, TOTP secrets, and WebAuthn device registrations centrally. Teams use it as the authentication backbone that other self-hosted tools integrate with.
Where it falls short of 1Password
- Not a password vault; does not store or generate passwords for websites
- Requires a reverse proxy to function; no standalone mode
- LDAP/AD integration configuration is complex for non-enterprise users
We list the gaps honestly so you can decide if the trade-off is worth owning your data.
Tags
Claim this listing to keep it accurate, add a deploy template, or feature it on relevant pages.
Embed the Authelia difficulty badge in your README — it links back here.
[](https://openreplace.com/authelia)Similar open-source projects
Other self-hostable tools in the same space worth comparing.
Lightweight Bitwarden-compatible server written in Rust, perfect for self-hosting
Open-source secrets management platform for developers and teams
Encrypt files in Git with KMS/age/PGP — secrets management without a server
Official open-source server for the Bitwarden password manager