# Simple Auth
Simple-Auth is a designed to be an easy way to manage your site's users. Unlike large complex solutions, it aims to provide simple login and user-management to a small or medium site. It doesn't try to replace global authentication providers or enterprise user management (kerberos, active directory, etc...)
Looking to get started? See Quickstart
- Local user management (create account, login, TOTP two-factor)
- Credential validation via API and OAuth2 / OIDC
- Reverse proxy to downstream service blocked by login (gateway)
- Per-request vouching (eg. for NGINX
auth_requestto act as a validator for login), to act as an authentication portal
- Same-domain/subdomain login provider via cookie validation
- Various API implementations to authenticate a user (Local username/password, third-party OIDC, etc)
- OpenID Connect Login (OIDC) eg. Google Auth
- Optional welcome email and email-verification
- Forgot/lost password
- Login/access-attempt auditing
- REST API to all underlying functionality
- Mobile friendly
- White-label deployment using customizations
# Why Not...
There are plenty of other authentication providers out there. You can always roll your own or use another solution like Okta (opens new window), Gluu (opens new window) or Keycloak (opens new window). While these services are perfectly fine (they're great, infact), simple-auth tries to be simple. Our quickstart is incredibly short and the hosting modes allow zero-to-fully setup in less than 5 minutes.
Long story short, if you have the use case and time to look at another provider, please do! If you're looking for something simple and easy to get started with, simple-auth may be for you.
At the root of the object representation sits the "Account". It is associated with a unique email. By itself, an account does not give access to login, it needs an authentication object associated with it.
By default, simple-auth is split into three layers:
- Login Providers: The mechanisms that allow creating an account object, and how a user logs in. For example, a Local account or OIDC (OAuth2)
- Authenticators (API): How dowstream apps can authenticate with simple-auth. Usually via API or requests
- Access Layer: How web applications can authenticate with simple-auth
You can find more information on all three layers on the left. Not all 3 layers are required for a functional setup.
# Next Steps
Try heading over to Quickstart and giving it a try!