{"id":2604,"date":"2025-08-11T12:00:00","date_gmt":"2025-08-11T12:00:00","guid":{"rendered":"https:\/\/sascha-brockel.de\/?p=2604"},"modified":"2025-08-10T23:08:56","modified_gmt":"2025-08-10T21:08:56","slug":"authentik-self-hosted-sso-identity-management-simply-explained","status":"publish","type":"post","link":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/","title":{"rendered":"Authentication: Self-hosted SSO &amp; Identity Management explained simply"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Imagine that all you had to do was <strong>register once<\/strong>to get access to all your services - from the wiki to the cloud. And that completely <strong>self-hosted<\/strong>. Welcome to <strong>Authenticity<\/strong>the modern open source tool for Single Sign-On (SSO) and Identity Management!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For detailed instructions and explanations of all configuration options, I recommend watching the YouTube video linked below. This video goes into detail about each individual setting, providing you with comprehensive instructions on how to set everything up correctly. Any code from the video can be found in this article, so you can use it directly without having to type it out.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This blog post, including video, is part of a series in which we build and set up our own home server. We start with the basics, such as installing Ubuntu VM with Docker, and then move on to configuring our own domain, security measures, and, above all, lots of cool and useful self-hosted services. Whether it's media servers like Plex or Jellyfin or document management like Paperless-NGX, we'll work together to build the setup you want to see. We'll even tackle topics like single sign-on (SSO) together.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title ez-toc-toggle\" style=\"cursor:pointer\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Was_ist_Single_Sign-On_SSO_und_Identity_Management\" >What is Single Sign-On (SSO) and Identity Management?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Single_Sign-On_SSO\" >Single Sign-On (SSO)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Identity_Management\" >Identity Management<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Was_ist_Authentik\" >What is authenticity?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Begriffe_erklart\" >Terms explained<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Zentrale_Funktionen_im_Uberblick\" >Central functions at a glance<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Aufbau_und_Architektur_von_Authentik\" >Structure and architecture of Authentik<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Komponenten_von_Authentik\" >Components of authenticity:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Wie_funktioniert_Authentik_in_der_Praxis\" >How does authenticity work in practice?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Security_Features_im_Detail\" >Security features in detail<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Multi-Faktor-Authentifizierung_MFA\" >Multi-factor authentication (MFA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Policy_Engine\" >Policy Engine<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Protokollkompatibilitat\" >Protocol compatibility<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Auditing_und_Transparenz\" >Auditing and transparency<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Sichere_Speicherung\" >Secure storage<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Integrationen_Kompatibilitat\" >Integrations &amp; compatibility<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Praxisbeispiele_fur_Authentik_im_Einsatz\" >Practical examples of authenticity in action<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Beispiel_1_Homelab_mit_mehreren_Diensten\" >Example 1: Homelab with multiple services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Beispiel_2_Kleine_Agentur_mit_internem_Wiki_und_Kundenzugang\" >Example 2: Small agency with internal wiki and customer access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Beispiel_3_Legacy-Software_per_LDAP\" >Example 3: Legacy software via LDAP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Beispiel_4_Externer_Login_via_Google\" >Example 4: External login via Google<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Vergleich_Authentik_vs_Keycloak_vs_Authelia_vs_Entra_ID\" >Comparison: Authentik vs. Keycloak vs. Authelia vs. Entra ID<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Vorteile_von_Authentik_auf_einen_Blick\" >Advantages of Authentik at a glance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Fur_wen_eignet_sich_Authentik\" >Who is Authentik suitable for?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Installation_von_Authentik_via_Docker\" >Installation of Authentik via Docker<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Erklarung_der_Docker_Compose\" >Explanation of the Docker Compose<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Bonus_Einbindung_in_NGINX_Proxy_Manager\" >Bonus: Integration in NGINX Proxy Manager<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Umsetzung_im_YouTube-Video\" >YouTube video implementation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Fazit_Deine_Identitatszentrale_in_deiner_Hand\" >Conclusion: Your identity center in the palm of your hand<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#Nutzliche_Links\" >Useful links<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-was-ist-single-sign-on-sso-und-identity-management\"><span class=\"ez-toc-section\" id=\"Was_ist_Single_Sign-On_SSO_und_Identity_Management\"><\/span>What is Single Sign-On (SSO) and Identity Management?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before we enter the world of <strong>Authenticity<\/strong> immersion, it is important to understand what <strong>Single Sign-On (SSO)<\/strong> and <strong>Identity Management<\/strong> are at all.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Single_Sign-On_SSO\"><\/span>Single Sign-On (SSO)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SSO allows you to <strong>unique<\/strong> and then access multiple connected services without having to authenticate yourself again. Whether Nextcloud, Gitea or Grafana: one login - everything open.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Advantages of SSO:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User-friendly: fewer logins, less frustration.<\/li>\n\n\n\n<li>Security: Fewer passwords means less attack surface.<\/li>\n\n\n\n<li>Management: Centralized control over access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Identity_Management\"><\/span>Identity Management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Identity management is all about <strong>Management of user identities<\/strong>their authorizations and access to systems. Modern systems allow you to manage:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>External identity providers (e.g. Google, Azure AD)<\/li>\n\n\n\n<li>User accounts<\/li>\n\n\n\n<li>Roles &amp; Groups<\/li>\n\n\n\n<li>Authentication methods (password, 2FA, certificates)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Was_ist_Authentik\"><\/span>What is authenticity?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Authenticity<\/strong> is a modern, open-source identity management and authentication system that specializes in self-hosting. It combines centralized authentication services with sophisticated access policies, user management and protocol compatibility. Authentik speaks protocols such as <strong>OAuth2<\/strong>, <strong>OpenID Connect<\/strong>, <strong>SAML 2.0<\/strong> and <strong>LDAP<\/strong> - which makes it the ideal SSO and IAM solution for almost any infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It was developed in Python, uses Django as a framework and offers a modern, user-friendly web interface for admins and users. Authentik is aimed at both beginners in self-hosting and professional administrators with complex requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Begriffe_erklart\"><\/span>Terms explained<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TOTP (Time-based One-Time Password):<\/strong> A one-time code that is generated on a time basis (e.g. Google Authenticator).<\/li>\n\n\n\n<li><strong>WebAuthn:<\/strong> Modern, passwordless authentication using hardware tokens (e.g. YubiKey) or biometric devices.<\/li>\n\n\n\n<li><strong>Reverse Proxy Outposts:<\/strong> Prefabricated integrations that act as a reverse proxy and pre-switch authentication - for example for services that do not support native authentication protocols.<\/li>\n\n\n\n<li><strong>External IdPs (identity providers):<\/strong> Systems such as Google, Microsoft or GitHub, through which users can alternatively log in to Authentik - helpful for federated identities or hybrid setups.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-zentrale-funktionen-im-uberblick\"><span class=\"ez-toc-section\" id=\"Zentrale_Funktionen_im_Uberblick\"><\/span>Central functions at a glance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OpenID Connect &amp; OAuth2 Provider:<\/strong> For modern web apps and APIs<\/li>\n\n\n\n<li><strong>SAML 2.0:<\/strong> Compatibility with enterprise services<\/li>\n\n\n\n<li><strong>LDAP Proxy:<\/strong> Legacy support for older services<\/li>\n\n\n\n<li><strong>MFA support:<\/strong> TOTP, WebAuthn, FIDO2, backup codes<\/li>\n\n\n\n<li><strong>Reverse Proxy Outposts:<\/strong> Integration without code integration<\/li>\n\n\n\n<li><strong>Granular access policies:<\/strong> Time-dependent, IP-based, role-based<\/li>\n\n\n\n<li><strong>Integrate external IdPs:<\/strong> Google, Azure, GitHub, SAML etc.<\/li>\n\n\n\n<li><strong>User flow system:<\/strong> Customizable registration, login and approval processes<\/li>\n\n\n\n<li><strong>Audit Logging &amp; Analytics:<\/strong> Transparency for admins<\/li>\n\n\n\n<li><strong>API &amp; webhook support:<\/strong> Automation and DevOps friendliness<\/li>\n<\/ul>\n\n\n\n<div class=\"atkp-container atkp-grid_3_columns-box  atkp-template-grid_3_columns\">\n            <div class=\"atkp-clearfix atkp-box-3-cols\">\n                            <div class=\"atkp-box atkp-smallbox atkp-box-3-cols-item atkp-clearfix\">\n                    <div class=\"atkp-thumb\">\n                                                    <img decoding=\"async\" class=\"atkp-image\" src=\"https:\/\/m.media-amazon.com\/images\/I\/31i+QGiO6sL._SL160_.jpg\"\n                                 alt=\"Anker SoundCore 2 Bluetooth Speaker, Fantastic Sound, Enormous Bass with Dual Bass Drivers, 24h Battery, Improved IPX7 Water Protection, Wireless Speaker for iPhone, galaxy etc.(Black)\"\/>\n                                            <\/div>\n                    <div class=\"atkp-content\">\n                                                    <a class=\"atkp-title\" href=\"https:\/\/www.amazon.de\/dp\/B01MTB55WH?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\">Anker SoundCore 2 Bluetooth Speaker, Fantastic Sound, Enormous Bass with Dual Bass Drivers, 24h Battery, Improved IPX7 Water Protection, Wireless Speaker for iPhone, galaxy etc.(Black)*.<\/a>\n                                                <div class=\"atkp-author\">by Anker<\/div>\n                    <\/div>\n                    <div class=\"atkp-bottom\">\n                        <div class=\"atkp-ratingbar\">\n                                                            <div class=\"atkp-rating\"><span class=\"atkp-star atkp-star-0 atkp-star-00\" title=\"0.00 of 5 stars\"><\/span><\/div>\n                                                        <div class=\"atkp-primelogo\"><\/div>\n                            <div class=\"atkp-clearfix\"><\/div>\n                        <\/div>\n                                                    <span class=\"atkp-price atkp-saleprice\">\n                                Price: \u20ac 31.99\n                                                                    <span class=\"atkp_price atkp-baseprice\"><\/span>\n                                                            <\/span>\n                                                                            <a href=\"https:\/\/www.amazon.de\/dp\/B01MTB55WH?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\" class=\"atkp-button\">Buy now on Amazon*<\/a>\n                        \n                        \n                                                    <span class=\"atkp-priceinfo\">Price incl. VAT, Excl. shipping<\/span>\n                                                                            <div class=\"atkp-shoplogo\">Amazon<\/div>\n                                            <\/div>\n                <\/div>\n                            <div class=\"atkp-box atkp-smallbox atkp-box-3-cols-item atkp-clearfix\">\n                    <div class=\"atkp-thumb\">\n                                                    <img decoding=\"async\" class=\"atkp-image\" src=\"https:\/\/m.media-amazon.com\/images\/I\/31RjqQTUoxL._SL160_.jpg\"\n                                 alt=\"JBL Charge 6, portable Bluetooth speaker, 28 hours battery life, IP68 waterproof, dust and shock resistant, JBL Pro Sound with AI Sound Boost, Auracast Multi-Speaker, Black\"\/>\n                                            <\/div>\n                    <div class=\"atkp-content\">\n                                                    <a class=\"atkp-title\" href=\"https:\/\/www.amazon.de\/dp\/B0DXKNBQS6?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\">JBL Charge 6, portable Bluetooth speaker, 28 hours battery life, IP68 waterproof, dust and shock resistant, JBL Pro Sound with AI Sound Boost, Auracast Multi-Speaker, Black*<\/a>\n                                                <div class=\"atkp-author\">by JBL<\/div>\n                    <\/div>\n                    <div class=\"atkp-bottom\">\n                        <div class=\"atkp-ratingbar\">\n                                                            <div class=\"atkp-rating\"><span class=\"atkp-star atkp-star-0 atkp-star-00\" title=\"0.00 of 5 stars\"><\/span><\/div>\n                                                        <div class=\"atkp-primelogo\"><\/div>\n                            <div class=\"atkp-clearfix\"><\/div>\n                        <\/div>\n                                                    <span class=\"atkp-price atkp-saleprice\">\n                                Price: \u20ac 134.00\n                                                                    <span class=\"atkp_price atkp-baseprice\"><\/span>\n                                                            <\/span>\n                                                                            <a href=\"https:\/\/www.amazon.de\/dp\/B0DXKNBQS6?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\" class=\"atkp-button\">Buy now on Amazon*<\/a>\n                        \n                        \n                                                    <span class=\"atkp-priceinfo\">Price incl. VAT, Excl. shipping<\/span>\n                                                                            <div class=\"atkp-shoplogo\">Amazon<\/div>\n                                            <\/div>\n                <\/div>\n                            <div class=\"atkp-box atkp-smallbox atkp-box-3-cols-item atkp-clearfix\">\n                    <div class=\"atkp-thumb\">\n                                                    <img decoding=\"async\" class=\"atkp-image\" src=\"https:\/\/m.media-amazon.com\/images\/I\/415-b9aV6lL._SL160_.jpg\"\n                                 alt=\"Teufel ROCKSTER 2 - Large Bluetooth speaker - Mobile event sound system with wheels, 440 W, with long battery life, 380 mm woofer, fast charging function, robust party speaker\"\/>\n                                            <\/div>\n                    <div class=\"atkp-content\">\n                                                    <a class=\"atkp-title\" href=\"https:\/\/www.amazon.de\/dp\/B0GX78WN2M?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\">Teufel ROCKSTER 2 - Large Bluetooth speaker - Mobile event sound system with wheels, 440 W, with long battery life, 380 mm woofer, fast charging function, robust party speaker*<\/a>\n                                                <div class=\"atkp-author\">by Lautsprecher Teufel GmbH<\/div>\n                    <\/div>\n                    <div class=\"atkp-bottom\">\n                        <div class=\"atkp-ratingbar\">\n                                                            <div class=\"atkp-rating\"><span class=\"atkp-star atkp-star-0 atkp-star-00\" title=\"0.00 of 5 stars\"><\/span><\/div>\n                                                        <div class=\"atkp-primelogo\"><\/div>\n                            <div class=\"atkp-clearfix\"><\/div>\n                        <\/div>\n                                                    <span class=\"atkp-price atkp-saleprice\">\n                                Price: \u20ac 1,249.98\n                                                                    <span class=\"atkp_price atkp-baseprice\"><\/span>\n                                                            <\/span>\n                                                                            <a href=\"https:\/\/www.amazon.de\/dp\/B0GX78WN2M?tag=sasbro0a-21&linkCode=osi&th=1&psc=1\" rel=\"sponsored nofollow noopener\" target=\"_blank\"  title=\"Buy now at Amazon\" class=\"atkp-button\">Buy now on Amazon*<\/a>\n                        \n                        \n                                                    <span class=\"atkp-priceinfo\">Price incl. VAT, Excl. shipping<\/span>\n                                                                            <div class=\"atkp-shoplogo\">Amazon<\/div>\n                                            <\/div>\n                <\/div>\n                    <\/div>\n            <\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-aufbau-und-architektur-von-authentik\"><span class=\"ez-toc-section\" id=\"Aufbau_und_Architektur_von_Authentik\"><\/span>Structure and architecture of Authentik<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Authentik allows you to control the entire login process in detail - and visually via a clear web interface.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Komponenten_von_Authentik\"><\/span>Components of authenticity:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Core:<\/strong> The central service that orchestrates logic, user management, authentication and policies.<\/li>\n\n\n\n<li><strong>Flows:<\/strong> User interactions such as login, registration, password reset or approval processes. Each flow is modularly customizable.<\/li>\n\n\n\n<li><strong>Applications:<\/strong> Abstractions for the services to be protected. This is where you define how and via which protocol a service should authenticate itself.<\/li>\n\n\n\n<li><strong>Providers:<\/strong> Technical interfaces for OAuth2, OpenID Connect, SAML or LDAP - they connect authentication with the applications.<\/li>\n\n\n\n<li><strong>Policies:<\/strong> Rule systems that allow you to define who gets access - depending on time, IP address, user attributes or group membership.<\/li>\n\n\n\n<li><strong>Outposts:<\/strong> Authentik's own reverse proxy components based on Nginx or Traefik, which can be placed directly in front of services and handle authentication via Authentik.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wie_funktioniert_Authentik_in_der_Praxis\"><\/span>How does authenticity work in practice?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>You register via Authentik.<\/strong><\/li>\n\n\n\n<li>Authentics checks identity, MFA, guidelines.<\/li>\n\n\n\n<li>After successful authentication, you will be redirected to your service.<\/li>\n\n\n\n<li>Authentik forwards a token or SAML assertion to the app.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_Features_im_Detail\"><\/span>Security features in detail<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Multi-Faktor-Authentifizierung_MFA\"><\/span>Multi-factor authentication (MFA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Authentik offers MFA with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TOTP<\/strong> (Time-based One-Time Password): A time-based code, e.g. via Google Authenticator.<\/li>\n\n\n\n<li><strong>WebAuthn\/FIDO2:<\/strong> Hardware authentication via YubiKey, fingerprint sensor or biometric methods.<\/li>\n\n\n\n<li><strong>Backup codes:<\/strong> One-time codes for emergency registration.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Policy_Engine\"><\/span>Policy Engine<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Policies are at the heart of Authentik's security model. You can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fine granular<\/strong> Define access rights.<\/li>\n\n\n\n<li>Make access dependent on time, IP, geo-location or user role.<\/li>\n\n\n\n<li>Dynamically decide whether a flow is continued or canceled.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Protokollkompatibilitat\"><\/span>Protocol compatibility<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Authentik supports secure standards such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OAuth2 &amp; OpenID Connect:<\/strong> For modern web applications and APIs.<\/li>\n\n\n\n<li><strong>SAML 2.0:<\/strong> For legacy applications and enterprise software.<\/li>\n\n\n\n<li><strong>LDAP Proxy:<\/strong> For the integration of older services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Auditing_und_Transparenz\"><\/span>Auditing and transparency<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Every action, every login, every policy decision is logged. You receive:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Traceable logs<\/li>\n\n\n\n<li>Insight into failed login attempts<\/li>\n\n\n\n<li>Diagnostic aids for integration problems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Sichere_Speicherung\"><\/span>Secure storage<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Passwords are stored using secure algorithms such as PBKDF2 + SHA256.<\/li>\n\n\n\n<li>Secrets and tokens are stored in encrypted form in the backend.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Integrationen_Kompatibilitat\"><\/span>Integrations &amp; compatibility<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The best thing about authenticity: you can almost <strong>every application<\/strong> that supports one of the common authentication protocols - and these days that is almost all web-based tools.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thanks to the support of <strong>OAuth2<\/strong>, <strong>OpenID Connect<\/strong>, <strong>SAML 2.0<\/strong> and <strong>LDAP<\/strong> Authentik is compatible with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>classic web services such as Nextcloud, GitLab, Gitea, Grafana, Mattermost<\/li>\n\n\n\n<li>Enterprise software such as Jira, Confluence, Rocket.Chat, Zammad<\/li>\n\n\n\n<li>Dashboard and admin tools such as Portainer, Kubernetes dashboards<\/li>\n\n\n\n<li>internal in-house developments, APIs or admin interfaces<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Whether modern API authentication via OAuth2 or legacy login via SAML or LDAP - Authentik adapts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An admin can therefore build an end-to-end single sign-on solution where users only enter their password once and are then authorized across all systems - without password chaos or double logins.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can even integrate external identity providers such as Google or Azure AD - perfect if you want to combine hybrid identity management with self-hosting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Praxisbeispiele_fur_Authentik_im_Einsatz\"><\/span>Practical examples of authenticity in action<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Beispiel_1_Homelab_mit_mehreren_Diensten\"><\/span>Example 1: Homelab with multiple services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Do you run a Homelab with Nextcloud, Gitea, Grafana and Portainer? Instead of managing a separate password everywhere, set up Authentik as a central identity provider. All services are connected to Authentik via OAuth2 or SAML. Result: One login - all services available. And for all other users too. Of course, this is especially true for services that you make freely available on the Internet.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Beispiel_2_Kleine_Agentur_mit_internem_Wiki_und_Kundenzugang\"><\/span>Example 2: Small agency with internal wiki and customer access<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In your agency, internal employees use a wiki (e.g. Wiki.js or Outline) and customers access a support portal. With Authentik, you set up two different user groups. Your policies only allow customers access to the support portal, while employees have full access - controlled via roles and groups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Beispiel_3_Legacy-Software_per_LDAP\"><\/span>Example 3: Legacy software via LDAP<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">An old ERP system only supports LDAP for authentication. Instead of maintaining your own LDAP server, use Authentik's LDAP proxy. This keeps all identities centrally managed and synchronized.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Beispiel_4_Externer_Login_via_Google\"><\/span>Example 4: External login via Google<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Do you want to make it easy for users to log in with existing Google accounts? In Authentik, you configure Google as an external IdP. Users log in with their Google account, but are assigned roles and rights that are controlled centrally via Authentik. You are probably familiar with this variant from many providers where you can log in with Google, Microsoft, Apple or something else. It is the same principle and is simply very convenient and easy for users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vergleich_Authentik_vs_Keycloak_vs_Authelia_vs_Entra_ID\"><\/span>Comparison: Authentik vs. Keycloak vs. Authelia vs. Entra ID<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><th>Feature<\/th><th>Authenticity<\/th><th>Keycloak<\/th><th>Authelia<\/th><th>Entra ID (Azure AD)<\/th><\/tr><tr><td>Self-hosted<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><\/tr><tr><td>Open Source<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><\/tr><tr><td>OAuth2 \/ OpenID Connect<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><td>Yes<\/td><\/tr><tr><td>SAML<\/td><td>Yes<\/td><td>Yes<\/td><td>Restricted<\/td><td>Yes<\/td><\/tr><tr><td>LDAP support<\/td><td>Yes (proxy)<\/td><td>Yes<\/td><td>No<\/td><td>Restricted<\/td><\/tr><tr><td>MFA (TOTP, WebAuthn, etc.)<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><td>Yes<\/td><\/tr><tr><td>User management UI<\/td><td>Modern &amp; intuitive<\/td><td>Functional<\/td><td>Minimalist<\/td><td>Very modern<\/td><\/tr><tr><td>Roles &amp; Groups (RBAC)<\/td><td>Yes<\/td><td>Yes<\/td><td>Restricted<\/td><td>Yes<\/td><\/tr><tr><td>Flow-based processes<\/td><td>Yes<\/td><td>Partially<\/td><td>No<\/td><td>Yes<\/td><\/tr><tr><td>Policy Engine<\/td><td>Strong &amp; flexible<\/td><td>Strong<\/td><td>Medium<\/td><td>Strong<\/td><\/tr><tr><td>DevOps\/API integration<\/td><td>Very good (webhooks, API)<\/td><td>Good<\/td><td>Restricted<\/td><td>Yes<\/td><\/tr><tr><td>Scalability<\/td><td>High<\/td><td>High<\/td><td>Medium<\/td><td>Very high<\/td><\/tr><tr><td>Complexity<\/td><td>Medium<\/td><td>High<\/td><td>Low<\/td><td>High<\/td><\/tr><tr><td>Hosting options<\/td><td>Docker, K8s, bare metal<\/td><td>Docker, K8s, bare metal<\/td><td>Docker<\/td><td>Cloud only<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Conclusion:<\/strong> Authenticity is a good compromise between <strong>Functionality<\/strong>, <strong>Usability<\/strong> and <strong>Self-hosting friendliness<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vorteile_von_Authentik_auf_einen_Blick\"><\/span>Advantages of Authentik at a glance<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2705 <strong>Open Source &amp; free of charge<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>Simple self-hosting with Docker<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>GDPR-compliant, as no cloud required<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>Modern UI &amp; rapid further development<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>Flexibly expandable<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>Integration with almost all modern web services<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fur_wen_eignet_sich_Authentik\"><\/span>Who is Authentik suitable for?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Homelab enthusiasts<\/li>\n\n\n\n<li>Self-hosting with multiple web applications<\/li>\n\n\n\n<li>Small to medium-sized companies that take data protection seriously<\/li>\n\n\n\n<li>Developers who want to build secure login systems<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-installation-von-authentik-via-docker\"><span class=\"ez-toc-section\" id=\"Installation_von_Authentik_via_Docker\"><\/span>Installation of Authentik via Docker<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To do this, you simply create a YAML file on your server with the following content (of course you make adjustments for sensitive data such as passwords or mail services):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>services:\n  authentik:\n    image: beryju\/authentik:2025.6.4\n    container_name: authentik\n    command: server\n    restart: unless-stopped\n    networks:\n      - sascha\n    ports:\n      - 9002:9000\n      - 9444:9443\n    environment:\n      TZ: Europe\/Berlin\n      AUTHENTIK_REDIS__HOST: redis\n      AUTHENTIK_POSTGRESQL__HOST: authentik-db\n      AUTHENTIK_POSTGRESQL__USER: authentik\n      AUTHENTIK_POSTGRESQL__NAME: authentik\n      AUTHENTIK_POSTGRESQL__PASSWORD: superSafePassword\n      AUTHENTIK_ERROR_REPORTING__ENABLED: true\n      AUTHENTIK_SECRET_KEY: superSecretKey\n      AUTHENTIK_REDIS__PASSWORD:\n      AUTHENTIK_REDIS__DB: 1\n      AUTHENTIK_EMAIL__HOST: mail.host.net\n      AUTHENTIC_EMAIL__PORT: 587\n      AUTHENTIK_EMAIL__USERNAME: info@domain.de\n      AUTHENTIK_EMAIL__PASSWORD: mailPassword\n      AUTHENTIK_EMAIL__USE_TLS: true\n      AUTHENTIK_EMAIL__USE_SSL: false\n      AUTHENTIK_EMAIL__TIMEOUT: 10\n      AUTHENTIK_EMAIL__FROM: info@domain.de\n    volumes:\n      - \/mnt\/cache\/appdata\/security\/authentik\/templates:\/templates:rw\n      - \/mnt\/cache\/appdata\/security\/authentik\/media:\/media:rw\n\n  authentik-worker:\n    image: beryju\/authentik:2025.6.4\n    container_name: authentik-worker\n    command: worker\n    user: root # needed for Docker Socket to work\n    restart: unless-stopped\n    networks:\n      - sascha\n    environment:\n      TZ: Europe\/Berlin\n      AUTHENTIK_REDIS__HOST: redis\n      AUTHENTIK_POSTGRESQL__HOST: authentik-db\n      AUTHENTIK_POSTGRESQL__USER: authentik\n      AUTHENTIK_POSTGRESQL__NAME: authentik\n      AUTHENTIK_POSTGRESQL__PASSWORD: superSafePassword\n      AUTHENTIK_SECRET_KEY: superSecretKey\n      AUTHENTIK_REDIS__PASSWORD:\n      AUTHENTIK_REDIS__DB: 1\n    volumes:\n      - \/mnt\/cache\/appdata\/security\/authentik\/backups:\/backups:rw\n      - \/mnt\/cache\/appdata\/security\/authentik\/media:\/media:rw\n      - \/mnt\/cache\/appdata\/security\/authentik\/certs:\/certs:rw\n      - \/mnt\/cache\/appdata\/security\/authentik\/templates:\/templates:rw\n\n  authentik-db:\n    image: postgres:latest\n    container_name: authentik-db\n    restart: unless-stopped\n    networks:\n      - sascha\n    ports:\n      - 5436:5432\n    environment:\n      TZ: Europe\/Berlin\n      POSTGRES_PASSWORD: superSafePassword\n      POSTGRES_USER: authentik\n      POSTGRES_DB: authentik\n    volumes:\n      - \/mnt\/cache\/appdata\/security\/authentik-db:\/var\/lib\/postgresql\/data:rw\n    healthcheck:\n      test: [\"CMD-SHELL\", \"pg_isready -U authentik -d authentik\"]\n      interval: 10s\n      timeout: 5s\n      retries: 3\n\nnetworks:\n  sascha:\n    external: true<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You can then simply start the services with the following command (the name must of course be adapted):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker compose -f \"docker-compose-authentik.yml\" up -d<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-erklarung-der-docker-compose\"><span class=\"ez-toc-section\" id=\"Erklarung_der_Docker_Compose\"><\/span>Explanation of the Docker Compose<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In a typical setup with Docker Compose, Authentik consists of several services:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The container <code>authenticity<\/code> is the main server. It uses the official Docker image <code>beryju\/authentics<\/code> in a specific version and is activated with the command <code>server<\/code> is started. The container is part of a named network and listens on ports 9000 (HTTP) and 9443 (HTTPS), which are mapped locally to 9002 and 9444 respectively. To ensure that the service restarts after a crash <code>restart: unless-stopped<\/code> activated.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The environment variables configure the time zone, the connection to the PostgreSQL database (<code>AUTHENTIC_POSTGRESQL__HOST<\/code>, <code>USER<\/code>, <code>PASSWORD<\/code>), the Redis instance for caching and security settings such as a secret key (<code>AUTHENTIC_SECRET_KEY<\/code>). In addition, mail server settings are stored that enable Authentik to send emails for password resets or notifications.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The volumes integrate local directories into the system - including for templates and uploaded media.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The second container <code>authentic-worker<\/code> executes background tasks, such as processing e-mails, webhooks or tasks from flows. The same image version is also used here, but with the start command <code>worker<\/code>. The container requires access to the same database and Redis instance as the main server. It also mounts additional volumes, e.g. for backups and certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The container <code>authentic-db<\/code> provides the PostgreSQL database. It is based on the official <code>postgres<\/code>-image, stores data in the local volume, uses a health check command (<code>pg_isready<\/code>) for monitoring and can be reached externally via port 5436. This also ensures that the container restarts automatically in the event of an error.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All three services are located in the network <code>sasha<\/code>which is declared as external - possibly a user-defined, existing network for a larger infrastructure. This can of course be changed at will and is only mentioned here for my example.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-bonus-einbindung-in-nginx-proxy-manager\"><span class=\"ez-toc-section\" id=\"Bonus_Einbindung_in_NGINX_Proxy_Manager\"><\/span>Bonus: Integration in NGINX Proxy Manager<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/image.avif\"><img data-dominant-color=\"f9807f\" data-has-transparency=\"false\" style=\"--dominant-color: #f9807f;\" fetchpriority=\"high\" decoding=\"async\" width=\"621\" height=\"676\" src=\"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/image.avif\" alt=\"\" class=\"wp-image-2610 not-transparent\" srcset=\"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/image.avif 621w, https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/image-276x300.avif 276w, https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/image-11x12.avif 11w\" sizes=\"(max-width: 621px) 100vw, 621px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"youtube\"><span class=\"ez-toc-section\" id=\"Umsetzung_im_YouTube-Video\"><\/span>YouTube video implementation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n\n\n<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"\u26a0\ufe0fAuthentik: Host and securely manage Single Sign-On (SSO) &amp; modern identity management yourself!\" width=\"750\" height=\"563\" src=\"https:\/\/www.youtube.com\/embed\/fEIUzdgAU_E?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-fazit-deine-identitatszentrale-in-deiner-hand\"><span class=\"ez-toc-section\" id=\"Fazit_Deine_Identitatszentrale_in_deiner_Hand\"><\/span>Conclusion: Your identity center in the palm of your hand<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">With <strong>Authenticity<\/strong> you get a powerful, modern and self-hosted solution for centralized authentication and user management. Whether you just want to secure Nextcloud or control an entire corporate network - Authentik offers you all the tools you need to do this securely, efficiently and transparently.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you've had enough of insecure passwords, inconsistent user management and dependence on cloud services, now is the perfect time to switch to authentication.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Nutzliche_Links\"><\/span>Useful links<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udd17 <a href=\"https:\/\/goauthentik.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Official website<\/a><\/li>\n\n\n\n<li>\ud83d\udd17 <a href=\"https:\/\/github.com\/goauthentik\/authentik\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub Repository<\/a><\/li>\n<\/ul>\n\n\n\n<div id=\"jp-block-themeisle-blocks-font-awesome-icons-8c6d8bc1\" class=\"wp-block-themeisle-blocks-font-awesome-icons jp-block-themeisle-blocks-font-awesome-icons\"><span class=\"wp-block-themeisle-blocks-font-awesome-icons-container\"><a href=\"https:\/\/sascha-brockel.de\/en\/#contact\" target=\"_self\" rel=\"noopener noreferrer\"><i class=\"fas fa-business-time\"><\/i><\/a><\/span><\/div>\n\n\n\n<h4 id=\"jp-block-themeisle-blocks-advanced-heading-baa7fa4c\" class=\"wp-block-themeisle-blocks-advanced-heading jp-block-themeisle-blocks-advanced-heading-baa7fa4c jp-block-themeisle-blocks-advanced-heading ticss-116fe371\">Interested, but lack time or knowledge?<\/h4>\n\n\n\n<p id=\"jp-block-themeisle-blocks-advanced-heading-16f35f43\" class=\"wp-block-themeisle-blocks-advanced-heading jp-block-themeisle-blocks-advanced-heading-16f35f43 jp-block-themeisle-blocks-advanced-heading ticss-0e2b851d\">No problem. Contact me and we will discuss your requirements. No matter if business or private.<\/p>\n\n\n\n<div id=\"jp-block-themeisle-blocks-button-group-77e0455a\" class=\"wp-block-themeisle-blocks-button-group wp-block-buttons align-center jp-block-themeisle-blocks-button-group jp-block-buttons\">\n<div id=\"jp-block-themeisle-blocks-button-c6fb3687\" class=\"wp-block-themeisle-blocks-button wp-block-button jp-block-themeisle-blocks-button jp-block-button\"><a href=\"https:\/\/sascha-brockel.de\/en\/#contact\" target=\"_self\" rel=\"noopener noreferrer\" class=\"wp-block-button__link\"><i class=\"fas fa-fw fa-phone-volume margin-right\"><\/i><span>Contact<\/span><\/a><\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Stell dir vor, du m\u00fcsstest dich nur noch einmal anmelden, um Zugriff auf all deine Dienste zu erhalten \u2013 vom Wiki bis zur Cloud. Und das komplett selbst gehostet. Willkommen bei Authentik, dem modernen Open-Source-Tool f\u00fcr Single Sign-On (SSO) und Identity Management! Was ist Single Sign-On (SSO) und Identity Management? [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2607,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":false,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[77,52],"tags":[16,94,31,95],"class_list":["post-2604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apps","category-selfhosted-server","tag-docker","tag-security","tag-selfhosted","tag-sso"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.7 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt - Sascha Brockel<\/title>\n<meta name=\"description\" content=\"Mit Authentik SSO &amp; Identity Management selbst hosten: sichere Logins, zentrale Benutzerverwaltung &amp; Datenschutz unter eigener Kontrolle.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt\" \/>\n<meta property=\"og:description\" content=\"Mit Authentik SSO &amp; Identity Management selbst hosten: sichere Logins, zentrale Benutzerverwaltung &amp; Datenschutz unter eigener Kontrolle.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/\" \/>\n<meta property=\"og:site_name\" content=\"Sascha Brockel\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-11T12:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif\" \/>\n\t<meta property=\"og:image:width\" content=\"1880\" \/>\n\t<meta property=\"og:image:height\" content=\"1253\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sascha Brockel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@saschabrockel\" \/>\n<meta name=\"twitter:site\" content=\"@saschabrockel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sascha Brockel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/\"},\"author\":{\"name\":\"Sascha Brockel\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#\\\/schema\\\/person\\\/3675ac2cf16fa04c60aca4dedca5c970\"},\"headline\":\"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt\",\"datePublished\":\"2025-08-11T12:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/\"},\"wordCount\":1758,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#\\\/schema\\\/person\\\/3675ac2cf16fa04c60aca4dedca5c970\"},\"image\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/security-protection-anti-virus-software-60504.avif\",\"keywords\":[\"Docker\",\"Security\",\"Selfhosted\",\"SSO\"],\"articleSection\":[\"Apps\",\"Selfhosted Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/\",\"url\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/\",\"name\":\"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt - Sascha Brockel\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/security-protection-anti-virus-software-60504.avif\",\"datePublished\":\"2025-08-11T12:00:00+00:00\",\"description\":\"Mit Authentik SSO & Identity Management selbst hosten: sichere Logins, zentrale Benutzerverwaltung & Datenschutz unter eigener Kontrolle.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/security-protection-anti-virus-software-60504.avif\",\"contentUrl\":\"https:\\\/\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/security-protection-anti-virus-software-60504.avif\",\"width\":1880,\"height\":1253,\"caption\":\"Photo by Pixabay on Pexels.com\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/en\\\/authentik-self-hosted-sso-identity-management-simply-explained\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/sascha-brockel.de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#website\",\"url\":\"https:\\\/\\\/sascha-brockel.de\\\/\",\"name\":\"Sascha Brockel\",\"description\":\"Fortschritt kennt keine Grenzen\",\"publisher\":{\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#\\\/schema\\\/person\\\/3675ac2cf16fa04c60aca4dedca5c970\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sascha-brockel.de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/sascha-brockel.de\\\/#\\\/schema\\\/person\\\/3675ac2cf16fa04c60aca4dedca5c970\",\"name\":\"Sascha Brockel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1\",\"width\":709,\"height\":945,\"caption\":\"Sascha Brockel\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/sascha-brockel.de\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1\"},\"sameAs\":[\"https:\\\/\\\/sascha-brockel.de\\\/\",\"https:\\\/\\\/www.instagram.com\\\/saschabrockel\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/sascha-brockel-b20725164\\\/\",\"https:\\\/\\\/x.com\\\/saschabrockel\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCogo25FboCahP7s8--HDuIQ\"]}]}<\/script>\n<meta property=\"og:video\" content=\"https:\/\/www.youtube.com\/embed\/fEIUzdgAU_E\" \/>\n<meta property=\"og:video:type\" content=\"text\/html\" \/>\n<meta property=\"og:video:duration\" content=\"844\" \/>\n<meta property=\"og:video:width\" content=\"480\" \/>\n<meta property=\"og:video:height\" content=\"270\" \/>\n<meta property=\"ya:ovs:adult\" content=\"false\" \/>\n<meta property=\"ya:ovs:upload_date\" content=\"2025-08-11T12:00:00+00:00\" \/>\n<meta property=\"ya:ovs:allow_embed\" content=\"true\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Authentik: Self-hosted SSO &amp; Identity Management explained simply - Sascha Brockel","description":"Self-hosting with Authentik SSO &amp; Identity Management: secure logins, central user administration &amp; data protection under your own control.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/","og_locale":"en_US","og_type":"article","og_title":"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt","og_description":"Mit Authentik SSO & Identity Management selbst hosten: sichere Logins, zentrale Benutzerverwaltung & Datenschutz unter eigener Kontrolle.","og_url":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/","og_site_name":"Sascha Brockel","article_published_time":"2025-08-11T12:00:00+00:00","og_image":[{"width":1880,"height":1253,"url":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","type":"image\/jpeg"}],"author":"Sascha Brockel","twitter_card":"summary_large_image","twitter_creator":"@saschabrockel","twitter_site":"@saschabrockel","twitter_misc":{"Written by":"Sascha Brockel","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#article","isPartOf":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/"},"author":{"name":"Sascha Brockel","@id":"https:\/\/sascha-brockel.de\/#\/schema\/person\/3675ac2cf16fa04c60aca4dedca5c970"},"headline":"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt","datePublished":"2025-08-11T12:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/"},"wordCount":1758,"commentCount":0,"publisher":{"@id":"https:\/\/sascha-brockel.de\/#\/schema\/person\/3675ac2cf16fa04c60aca4dedca5c970"},"image":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#primaryimage"},"thumbnailUrl":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","keywords":["Docker","Security","Selfhosted","SSO"],"articleSection":["Apps","Selfhosted Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/sascha-brockel.de\/en\/#organization"}},{"@type":"WebPage","@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/","url":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/","name":"Authentik: Self-hosted SSO &amp; Identity Management explained simply - Sascha Brockel","isPartOf":{"@id":"https:\/\/sascha-brockel.de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#primaryimage"},"image":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#primaryimage"},"thumbnailUrl":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","datePublished":"2025-08-11T12:00:00+00:00","description":"Self-hosting with Authentik SSO &amp; Identity Management: secure logins, central user administration &amp; data protection under your own control.","breadcrumb":{"@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#primaryimage","url":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","contentUrl":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","width":1880,"height":1253,"caption":"Photo by Pixabay on Pexels.com"},{"@type":"BreadcrumbList","@id":"https:\/\/sascha-brockel.de\/en\/authentik-self-hosted-sso-identity-management-simply-explained\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/sascha-brockel.de\/"},{"@type":"ListItem","position":2,"name":"Authentik: Self-hosted SSO &amp; Identity Management einfach erkl\u00e4rt"}]},{"@type":"WebSite","@id":"https:\/\/sascha-brockel.de\/#website","url":"https:\/\/sascha-brockel.de\/","name":"Sascha Brockel","description":"Progress knows no boundaries","publisher":{"@id":"https:\/\/sascha-brockel.de\/#\/schema\/person\/3675ac2cf16fa04c60aca4dedca5c970"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sascha-brockel.de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/sascha-brockel.de\/#\/schema\/person\/3675ac2cf16fa04c60aca4dedca5c970","name":"Sascha Brockel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/sascha-brockel.de\/wp-content\/uploads\/2023\/10\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1","url":"https:\/\/i0.wp.com\/sascha-brockel.de\/wp-content\/uploads\/2023\/10\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1","contentUrl":"https:\/\/i0.wp.com\/sascha-brockel.de\/wp-content\/uploads\/2023\/10\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1","width":709,"height":945,"caption":"Sascha Brockel"},"logo":{"@id":"https:\/\/i0.wp.com\/sascha-brockel.de\/wp-content\/uploads\/2023\/10\/Brockel_Sascha_3_3zu4-Grau.png?fit=709%2C945&ssl=1"},"sameAs":["https:\/\/sascha-brockel.de\/","https:\/\/www.instagram.com\/saschabrockel\/","https:\/\/www.linkedin.com\/in\/sascha-brockel-b20725164\/","https:\/\/x.com\/saschabrockel","https:\/\/www.youtube.com\/channel\/UCogo25FboCahP7s8--HDuIQ"]}]},"og_video":"https:\/\/www.youtube.com\/embed\/fEIUzdgAU_E","og_video_type":"text\/html","og_video_duration":"844","og_video_width":"480","og_video_height":"270","ya_ovs_adult":"false","ya_ovs_upload_date":"2025-08-11T12:00:00+00:00","ya_ovs_allow_embed":"true"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/sascha-brockel.de\/wp-content\/uploads\/2025\/08\/security-protection-anti-virus-software-60504.avif","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/posts\/2604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/comments?post=2604"}],"version-history":[{"count":5,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/posts\/2604\/revisions"}],"predecessor-version":[{"id":2623,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/posts\/2604\/revisions\/2623"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/media\/2607"}],"wp:attachment":[{"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/media?parent=2604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/categories?post=2604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sascha-brockel.de\/en\/wp-json\/wp\/v2\/tags?post=2604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}