Hello,

I’m currently on my way to set up a company server for a small team (10-20 users). I am looking for a self-hosted solution to create user accounts for collaborators and give them permissions to access our different services (our own GitLab, TeamCity, WikiJS, Redmine, …) according to their “group” (developer, DevOps, QA, Project Manager, …). I want a simple user interface if possible because it will be maintained by non-sysadmin people.

I think that, for easy integration of all the services, the solution has to provide an LDAP domain.

Is there a solution to my requirement?

I found:

  • Authentik
  • Keycloak
  • Authelia

Thank you!

  • CyqixNewsAlt@alien.topB
    1 year ago

    Something you might want to consider, given you mention “it should be managed by a non sysadmin”: what happens when something goes wrong and you can't access anything?

    As much as I like to self-host what I can, sometimes it is worth considering other options.

  • indykoning@alien.topB
    1 year ago

    Having to connect everything via LDAP actually seems to be the more difficult way.

    For managing authentication but also authorization, OpenID and SAML are easier to set up and easier to secure in my opinion. They also allow you to manage multiple groups and permissions.

    Unlike LDAP, these options send you to the auth server, where you can centrally manage 2FA as well as additional login methods (e.g. if your company uses G Suite, use that to log in).

    Though I’ve had to use LDAP for some things as well, I went with Authentik since it can do all of these. Users and groups are easy to manage. And you can block access in Authentik already instead of having to manage access by group in each application.