Single Sign-On with Built-in MFA? Authelia's Got You Covered

Let's be honest: managing user authentication across your internal tools, dashboards, and applications is a chore. You've got your admin panels, your monitoring dashboards, your CI/CD interfaces—each one demanding a password. Then there's the whole multi-factor authentication (MFA) conversation. It's a security must-have, but rolling it out everywhere is a project in itself. What if you could secure it all behind a single, unified login that handles MFA for you?

Enter Authelia. It's an open-source authentication and authorization server that acts as a gatekeeper for your web applications. Think of it as your own internal, self-hosted single sign-on (SSO) portal with MFA baked right in. No more managing a dozen separate logins or skipping 2FA on that one internal tool because it was too much hassle to set up.

What It Does

In short, Authelia sits in front of your applications (like a reverse proxy) and intercepts requests. When a user tries to access anything you've protected, Authelia checks if they're logged in. If not, it presents a centralized login portal. Once authenticated (with their chosen second factor, like a TOTP app or a security key), they can seamlessly access all the connected apps without logging in again. It handles the session, the security policies, and the MFA enforcement, so your individual apps don't have to.

Why It's Cool

The beauty of Authelia is in its simplicity and power. You're not rewriting your apps; you're just putting a smart bouncer in front of them. It supports a range of second-factor methods out of the box—TOTP, WebAuthn for hardware keys, and even mobile push notifications via Duo. You can define access control rules with fine-grained detail (user X can access app Y but only from network Z).

It's also incredibly lightweight and built in Go, making it a breeze to run in containerized environments. The configuration is YAML-based and straightforward. You're not deploying a massive enterprise suite; you're deploying a focused tool that does one job exceptionally well: securing your homelab, your startup's internal stack, or your company's developer tools.

How to Try It

The quickest way to get a feel for Authelia is to check out their official documentation which includes detailed guides. For a hands-on test, the GitHub repository provides a compose example that lets you spin up a full demo environment with Docker Compose in minutes. It's the best way to see the login flow and admin interface without committing to a production setup.

1. Clone the repo: git clone https://github.com/authelia/authelia
2. Navigate to the compose example: cd authelia/examples/compose
3. Fire it up: docker-compose up
4. Point your browser to https://home.example.com:8080 (you may need to add entries to your hosts file as instructed in the example).

Final Thoughts

If you're tired of the authentication sprawl in your personal projects or internal infrastructure, Authelia is a seriously practical solution. It turns a complex security problem into a relatively simple configuration task. It's the kind of tool that, once you set it up, you'll wonder how you managed without it. For developers running a suite of services, it's a clear win for both security and sanity.

Follow us for more cool projects: @githubprojects