🔐 Open Source MFA Solutions (Self-Hosted or Integratable)
1. Authelia
- Use Case: Web portal SSO with MFA for reverse proxies (Nginx, Traefik, etc.).
- Auth Methods: TOTP, Duo, WebAuthn.
- Features: LDAP/AD integration, multiple 2FA mechanisms, UI portal.
- GitHub: https://github.com/authelia/authelia
2. privacyIDEA
- Use Case: Enterprise MFA backend with RADIUS, SAML, LDAP support.
- Auth Methods: TOTP, YubiKey, SMS, Push, U2F/WebAuthn.
- Integrations: FreeRADIUS, Keycloak, OpenVPN, ownCloud.
- GitHub: https://github.com/privacyidea/privacyidea
3. Keycloak
- Use Case: Full-featured Identity Provider with MFA and SSO.
- Auth Methods: TOTP, WebAuthn, Email code, OTP over SMS.
- Bonus: Federation support, OAuth2, OIDC, SAML.
- GitHub: https://github.com/keycloak/keycloak
4. FreeIPA
- Use Case: Identity & Policy management for Linux domains.
- Auth Methods: TOTP, Radius, OTP tokens.
- Bonus: Ties into Kerberos, LDAP, and DNS services.
- Website: https://www.freeipa.org/
5. OpenIAM
- Use Case: Identity governance + MFA for enterprises.
- Auth Methods: TOTP, SMS, email-based, push (with commercial add-ons).
- Notes: More focused on mid-size/large orgs. Limited community edition.
- Website: https://www.openiam.com/
📲 TOTP Apps (Open Source Clients)
To complement your server:
- Aegis Authenticator (Android) – TOTP/HOTP + backup encryption
https://github.com/beemdevelopment/Aegis - FreeOTP – Red Hat’s open-source TOTP/HOTP app
https://github.com/freeotp - andOTP (deprecated but forked) – Great UI, backup support
https://github.com/andOTP/andOTP