this post was submitted on 17 Mar 2026
106 points (97.3% liked)

Selfhosted

56953 readers
1828 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
106
Single Sign in for Home Assistant now possible with OpenID (github.com)
submitted 21 hours ago by Lem453@lemmy.ca to c/selfhosted@lemmy.world
16 comments fedilink hide all child comments
 

This is a hugely requested feature for many years and a huge hole in my entire self hosted ecosystem. Every self-hosted app I have connects to my Authentik system for user management... Except home assistant. Arguably one of the apps I need it for the most for the whole family to use with their accounts.

Devs have been resistant for some reason.

There is now a community integratation that allows user management for HA to be via any openID backend (authentik, keycloak etc).

I've been running it for a few days and it works perfectly. Very easy to setup if you already have a working authentik setup and know how to use it with other apps like immich.

you are viewing a single comment's thread
view the rest of the comments
[–] magic_smoke@lemmy.blahaj.zone 2 points 5 hours ago* (last edited 5 hours ago) (1 children)

For webapp stuff for sure, but when you want to login as the same user with the same perms across all your VMS and baremetal servers at the os, it's nice.

I use virtualization over containerization because i have the hardware resource so I might as well take advantage of improved isolation and security VMS provide. Plus I use Linux on my desktop/laptop, and have a separate dedicated storage host.

Its nice to have everything managed by one service with global accounts and permissions.

Looking at authentik it seems to provide some but not all of that. Def something to keep an eye on if freeipa decides to stop being so free.

If you're running a docker-based environment, and especially if your personal workstation/laptop doesn't run Linux, I totally get it.

I think freeIPA could use an openid provider packed in for sure. I also kinda trust api keys more than creating the service accounts for software that needs to auth.

Outta curiosity how do you handle SSO and File Storage? I like being able to make samba shares that require SSO authentication over something like nextcloud because I can directly mount the disk. Not sure if theres a good option there.

[–] Lem453@lemmy.ca 1 points 35 minutes ago* (last edited 33 minutes ago)

Authentik handles SSO for all my apps like immich, linkwarden, owncloud etc. Openid when available but some web apps are done via forward proxy auth. Jellyfin uses LDAP via authentik which isn't sso technically.

Other than me, no one else mounts samba shares directly. All personal files are synced to server and other devices with owncloud (OCIS).