Authentik will manage users/groups provide an ldap server and do all single factor and multi factor auth. Cooptonian has great guides on youtube.
Self-Hosted Main
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
I prefer Microsoft AD for LDAP, you can then add anything you like for OICD or SAML like Authelia, Authentik or KeyCloack. Why MS AD? Because I have lots of Windows clients, so it’s a no brainer. If you don’t have Windows clients you can use LLDAP or similar.
I use LLDAP for mine. Works great!
Maybe look into this: r/selfhosted/comments/1804cr2/pomerium_v024_update/